I’ve found Scaleway really good, I’m surprised it doesn’t come up more often here.
If it matters, I didn’t go to them because they were specifically an EU org either - when Packet became Equinix Metal and then that got shut down, SCW were the most equivalent in terms of cost / hardware specifications and I often used them in parallel when Packet was still around so as to not have all my eggs in one basket.
I really like Scaleway too! I went with them because Linode got bought and I thought, since I was moving my things anyway, let's go to a French provider. And I got a bad experience with OVH, so Scaleway it was.
But really, I wonder why it's not used more? Prices are maybe a bit high for some things?
I asked myself the same thing, Trustpilot is pretty rough on them and a lot of people tell you online to stay away from them. I also had very good support experience so far. Their shared TEM IP had some deliverability issues at times, but they seem to have cracked down on this recently. I am on dedicated IP now, so I can't really judge if there have been improvements.
+1 for bad experience with OVH, their control panel is a mess (only the Italian provider Aruba is probably worse) and their backend is riddled with bugs. If something is broken in the control panel, the support team candidly invites you to do it via their APIs instead.
Another bad experience with OVH here. In fact not bad but catastrophic. They enabled 2FA without my consent and then demanded a signed letter on paper by post to let me back into my account. Their online customer service was beyond useless and the nightmare took weeks to resolve. This after I had been a loyal customer for years. Just when I was preparing to punish them by moving, my VPS went up in smoke at that fire in their Strasbourg datacenter. "Oops, our bad", went the email. Beyond parody. It's almost a surprise to me that this company is still in business.
With Hetzner now for several years without incident.
They used to have competitive prices for a while, with their dedibox line.
I think they are not as well known. It’s a bit of a side project of the parent company, Iliad. They could benefit from heavy investments and some more aggressive marketing, but perhaps it’s not worth the risk and a slow but steady growth is what they prefer.
From a quick web-search: Apparently it was an open-source community project, but the governing organization created a for-profit entity and transferred most of the assets to that entity (brand, website, etc.). Gitea apparently still uses MIT licenses, but the community felt it was a betrayal of the open-source ethos. Forgejo is a community fork of Gitea when the issues mentioned were not suitably resolved.
"Forgejo was initially created in December 2022 as a fork of Gitea. The fork occurred after a for-profit limited corporation ran by the lead maintainer of the project, Lunny Xiao, silently transferred Gitea's trademarks and operations to the company and began to establish an open-core model."[0]
My European stack:
- OVH for object storage, domain names and simple Wordpress websites
- Scalingo/3DS Outscale for PaaS (looking for alternatives here!)
- Mailjet used to be EU but they've been acquired by Mailgun - don't know if that's an issue. Brevo is okay as an email service provider but they could be way better.
Correct. Mailgun acquired Mailjet, then Sinch acquired us. We follow the EU data standards of our parent company for our EU products, which include Mailjet and Mailgun EU.
It's also difficult to find providers for competitive large-scale non-transactional emails, i.e. marketing and newsletter mails.
None comes close to AWS; the closest are messageflow (PL), elasticemail (PL), brevo (FR). Other players like Scaleway TEM (FR) and Lettermint (NL) don't offer non-transactional.
Using it for both transactional and marketing emails (but "only" for thousands of recipients) for some years. Could need some polish IMO, but the core offering is solid. Support is helpful, too.
I am at Lettermint for a month now, coming from Postmark.app (US), and I can only say positive things about it, works very well and is reasonably priced.
AWS SES does not work for me at all, the sending success rate is really bad.
Can't speak for the author, but freedom from US spying ideally. Additionally, not providing any revenue to a US-company that in turn pays taxes to a government that they don't support the actions of.
US admin is threatening the EU on multiple fronts if you haven't been reading the news. Invasions of sovereign territory, dismantling the EU etc. This is unprecedented and without merit and a lot of EU citizens and governments have reached their patience threshold and are choosing to buy elsewhere.
The US has simply casually mentioned they could turn off all access to US digital services and products that we currently pay good money for. The concern is that they might, maybe not all at once, but I'm not waiting to find out that they're testing the waters with a single provider.
So we're getting security and independence and promoting the EU tech scene! EU has better privacy laws as well. Before this the US was seen as a reliable ally.
Domain TLD is the one administratively completely entangled into USA system while playing a major role on the internet working as it does. ICANN should definitely be an international entity, like UNESCO.
I am still baffled.. compare a domain like .party or .parts between porkbun or your major US based providers and an EU based registrar of your choosing.... It's not pretty, at least it wasn't to me.
Porkbun has .party for $21.09 (bar the first year promotion, not sure about VAT) and INWX (DE, VAT included) has it for 32.80€. It is definitely more but not as scary as you made it sound.
I'm on INWX but trying to get out, as pricing is quite expensive for regular TLDs. A .com domain goes for about €18 with taxes and all that stuff.
And the situation for autorenewal is terrible. At least when using their Spanish site (inwx.es) they cannot do autorenewal billed directly to your credit card or Paypal account, you have to previously add credit to your account "balance" and leave it hanging there until your next renewal.
Somebody mentioned openprovider.com and I'm taking a look because it looks interesting.
It’s not all bad. I hope you don’t mind tooting my own horn. But there are providers who try to keep prices reasonable: https://domain.chief.app/pricing (disclaimer: this is mine)
I must say though that this (at this stage) is mostly only possible because of a few (also Dutch) reseller titans that allow me to be affordable.
The cost of entry as registrar into ICANN TLDs is pretty high.
The conclusion from the `What you realistically can't avoid` section is that running entirely on non-American services will never happen.
Unless some entity pours hundreds of billions (trillions?) of euros into solving this over multiple decades there will be no way to replace google ads and sign in with google/apple. The AI part seems to be the easiest thing to solve in the list, that says something.
Yeah, they sell you that with the devices. You would need to crack iOS/Android dominance first before you could realistically consider NOT assuming someone has at least one or the other account.
Seems to me like it's mainly regulation. The thing that makes people in China, or Russia, for example, not use Google - isn't that Yandex / Baidu got tons of investments. It is that people can't easily access Google. If the EU decides to pull the switch (or if the US decides to do so), we have enough competent people here to build a search engine.
Google was freely available in Russia up until 2022 and Yandex still had a larger market share. It really was a solid competitor to Google, much better than anything the EU ever had.
That's where democratic governments are at a disadvantage. Europe is also more integrated into US market. For example, killing access to Google ads ecosystem will make 100s of thousands or even millions of people unemployed. Apple and Google have multiple offices in Europe. A divorce with US will again make a huge amount of people lose their very high paying jobs. Unlike China and Russia those people can vote.
Moreover, in democracies companies from other countries usually get more say and have more lobbying power. Open market system gives more decision powers to global players. Whereas in China or Russia, if you are not serving the goals of the dictatorial rule, you get ousted permanently without a fear of elections.
I think those things are very hard to predict. Yes, many Europeans will stop working for American companies and lose their very high paying jobs. On the other hand, the EU as a whole will stop sending billions of euros to the American economy, and at least some of this money will be invested in creating local alternatives; those who worked for American companies will probably find their place in these alternatives.
Everything you wrote about the open market system is true, except it seems like that system has died over the past year. Europeans understand now that the US isn't a friend.
It's possible that will get "solved" overnight when some critical service gets cut off or banned in one direction or the other for political reasons.
While it's true Europe might not be producing the next Apple or Google, there are lots of alternatives, like national academic login systems, logging into third parties with bank credentials or government IDs... Solutions that depend less on one commercial company capturing the market, that are in place on a national level and work well. It's a different landscape. Factors like current day political turmoil make people much less trusting of "American" solutions. It remains to be seen if this goes beyond sentiment into some actual pan-European solutions that (claim to) safeguard privacy and data.
What about non EU users? Americans don't second guess themselves when they slap google/apple/meta sign in only. They know everyone in the world will never pause when they see their logo on the buttons. To reach this scale of worldwide adoption for a European service requires a massive amount of investment.
What's even the entry point? Google and Apple make the devices that everyone uses. Even if you build a service like you suggested, how do you ensure that everyone is using it?
> They know everyone in the world will never pause when they see their logo on the buttons.
As in, that they won't run away when they see them or that they will all happily use them? If you mean the latter, then it's just false.
Also, why do you assume that such product would need to be used worldwide all of a sudden? Having something for the local market would be sufficient to call it a success in this instance. There's an ICC judge who could tell you a thing or two about having a whole digital life on the hook of services from one country, so reducing this dependency is a clear benefit.
> Also, why do you assume that such product would need to be used worldwide all of a sudden
Because I'm talking about not running on any American services. Which Americans can do and do all the time. I don't see how we can reach a point where we can one day not include google/apple sign in and not lose a massive number of potential users. Sure it's possible that one day we'll see a "Sign in with EU login" but below it there'll always be sign in with google/apple, for a very long time.
That post mostly concerned infrastructure, you won't likely run the same managed DB with 2 different providers, for example, but you can well offer sign-in with EU/non-EU options, and as long as the first one is viable, I'd say that would already be a win in terms of OP's goals.
I could say that you cannot run entirely on US technology, because electronics comes from China. Does that mean that we should just strive to move everything to China, so that we only depend on them?
Agreed mate, it took absolute trillions of Euros for "Sign in with VK" to become a common option in Russia. No clue how they did it while also waging wars.
"Sign in with LINE" in Japan? Quintillions of Yen were spent.
Hetzner was something I already used, so I just doubled down. I have a single OVH instance where I am playing with Openclaw, but that was because I was having issues with Hetzner that day on their new instance page (was fixed the next day).
I use Bunny for my CDN, I just wish they had the capability to route IPv4 and IPv6 traffic to IPv6 only origins. If your origin doesn't have IPv4, it won't route IPv4 to an IPv6 origin. Something Cloudflare could do. Still a shame it's not a high priority.
For Domains, I am still on porkbun, but I have like 20 domains, and moving them to EU registrars would be pricey. I will do it, just not looking forward to it. Also there are few registrars that handle all the TLDs I have, nothing like Porkbun. I use dot.bs to optimize my registrars and keep track of them.
I self-host a lot, but I haven't done GitHub. I have a Forgejo instance with working CI/CD, but there are some pain points mirroring 100s of repos and updating PATs. Also I minimize how much critical infra I host. I do it as my day job. Don't want to do it so much at home, and I still do some between NAS and self-hosted services I do run.
I do plan to try out Hanko and Nebius, those sound good, and hit up Scaleway to see if there is stuff I want to use there. I know Scaleway can be pricey.
For domains I find Openprovider.eu is pretty cheap imo, especially if you have a lot and buy in a package it is nearly cost price. Their DNS isn't great though, good enough for personal projects but not for business, would set that somewhere else.
Hmm, seems the good prices are only if you subscribe to their subscription. 5 euro a month or 50 euro a year, then the prices get slashed. Otherwise their prices are expensive.
Yes, comparing to Porkbun for .com and .net, it looks like you'd need at least around 10 domains before it became cost effective (the .org price there says it is time limited and I think does not reflect recent .org price increases).
There's also the matter that, ethically, openprovider seems to be heavily focusing on domain name speculators as clients; that may be a business many people would not want to support, and their services for people actually using their domains may be poor.
> There's also the matter that, ethically, openprovider seems to be heavily focusing on domain name speculators as clients
Do you have more info about that? I'm a customer of them and didn't know this.
I actually noticed that quite a lot of (smaller) hosting providers are also customers of Openprovider. (When transferring some domains from other providers to my account at Openprovider, they turned out to be internal transfers.) So I'm a bit surprised about it.
Agree! If you have a number of domains and can justify a membership, then Openprovider (NL) is a good option.
Some foreign extensions are quite expensive though. I happened to be looking into that yesterday, and Netim (FR) seems to be a good option for that. For the two extensions I need, they were among the cheapest with renewals.
> Some foreign extensions are quite expensive though.
It's not just foreign domains that are expensive. A quick check showed openprovider charges double of what other providers charge for .nl domains, and the same applies for other European TLDs, even .eu.
> For domains I find Openprovider.eu is pretty cheap imo
A quick check of their pricing refutes your claim. They do list cheap domains, but it's due to promotional discounts on the first registration that they follow by charging a huge markup in renewal fees.
Case in point, I have a few domains that I have been paying namecheap peanuts to maintain, and the same domains are listed in openprovider.eu to cost between 5 and 10x as much to renew.
How has your experience with Bunny been? I'm quite split on it.
I used to work for a business in a pretty competitive area, where tactics like fake DMCA requests and abuse cases are routinely used to attempt to take down information, be it from Google, or from the CDN/hosting provider. While at first Bunny support seemed understanding of it, later they unceremoniously blocked the account on the basis of too many complaints having been filed, despite all of them being responded to in due time and being proven false.
OTOH, their support staff would respond lightning-fast, which was a breath of fresh air compared to other CDNs we used before.
I could see myself using Bunny for personal projects, or some non-vital business, but probably not for anything with lots of competition.
We used to expose the dedicated servers directly (i.e. no CDN at all), and while that was fine latency-wise, the lack of DDoS protection was really the limiting factor. E.g. Hetzner will just blackhole your subnet if you get DDoSed.
It feels rather unviable nowadays to run a business without some CDN/DDoS protection service in front of your website.
yeah, but dealing with DDoS is easier in terms of DMCA unlike with CDNs because it's you hosting it, not the service provider (this is how Cloudflare avoids DMCA when you cache with them iirc)
so if you can just find a good dedicated server provider that won't cut you off, maybe that's a potential solution?
To be honest, it's been flawless but since I mostly use it for personal or self hosting, I haven't had to deal with your situation. I have had to contact support and they are very fast.
I also use it to hide and protect my Hetzner server.
Why would it need to make money, it's just a registry of information and a small about page with a list of entries. It probably runs on sqlite on a single $5 VM. Or a single db.
It looks like DNS is just shared ClouDNS, and email is limited. From the FAQ:
How reliable is dot.bs DNS hosting?
dot.bs is backed by ClouDNS. ClouDNS serves over two billion DNS queries per day, so I can confidently say your DNS is in good hands.
Do I really get free email?
Yes! In order to make this possible, there are some limitations.
- A maximum of 5 email accounts per domain (unlimited domains)
- A maximum of 5 outgoing emails per hour, per account (to prevent spammers)
- A maximum of 75 MB storage per account
If these limits are a problem for you, please reach out and we can figure something out.
Like the author, we self-host our git repos at work with Gitea, and it's working very well and brings a rather large set of features you'd expect from a GH alternative.
I'm using gitolite + cgit for local repositories. I tried Gitea for a while but didn't like the forced user/repo flat structure inherited from being a GitHub clone, and didn't need the additional features that Gitea/Forgejo provide.
Right, I guess it only makes a difference if you use their DNS? Otherwise, registrar being in US vs EU makes zero difference in terms of speed/latency etc. Is this just an ethical or political thing that you want to be out of USA?
> For Domains, I am still on porkbun, but I have like 20 domains, and moving them to EU registrars would be pricey. I will do it, just not looking forward to it. Also there are few registrars that handle all the TLDs I have, nothing like Porkbun.
For .com domains, if the rationale is data sovereignty, GDPR simplicity, avoiding dependence on a handful of American hyperscalers, then from an operational standpoint I don’t see much value in using European-based registrars. Ultimately, these domains remain under U.S. control regardless.
If the focus is 'stubbornness' [one of the points in the article], then of course you have other priorities.
Personally I am all for data sovereignty etc, but very seldom for country boycotts.
Good, honest write up! As users we need to make more efforts to move out of the American ecosystems. Cloudflare is just so convenient to take only one example.
OT, about the finished product (hank.parts): the French translation and tone is a little rude. For one, it uses "tu" instead of "vous", which has become customary on social networks but is still a little bit aggressive on a regular website. And "bagnole" or "balance une photo" is more than casual.
Maybe the target are young people but I wouldn't bet on it. Average car ownership in Europe is 53, and 55 in France. Share of new vehicle registrations by adults aged 18-34 is below 10% in Europe.
Interesting. I actually had a human translator do the French translation because I didn't trust deepl/LLMs on certain languages. He was Belgian though. Thanks for the feedback, I will certainly consider it - I don't speak French myself.
> As users we need to make more efforts to move out of the American ecosystems.
While I support the spirit, it's important to acknowledge the reality of the current situation with the US (and the rest of the world). It has little to do with SaaS services and everything to do with energy and defense.
Europe imports more than half its energy. The United States and Russia are both net exporters (Russia significantly so), China would be close to self-sufficient if not for their limited access to oil.
And while Trump may be ridiculous, he's not entirely wrong about Europe relying on the US for defense. Current estimates are that Europe needs to spend around one trillion dollars on defense to replace American support [0], and even then faces large challenges in getting their defense up to standards fast enough. Meanwhile the Ukraine war has allowed Russia to completely rework their economy into a military one.
While the popular narrative is that Trump is the sole cause of this souring relationship, the reality is that geopolitics have been shifting a lot in recent decades and Europe is simply not in the global position they were 50 years ago.
Europe can rely entirely on European SaaS companies and will still face massive energy and defense dependency problems.
* Scaleway is totally painful/scary on data encryption at rest and in transit, does not feel like your infra/data is isolated from other customers
* OVHCloud is good if you deploy your production in HA fashion with higher tiers or do multi-region yourself using a vRack, real issue that they made the news with burning DCs, the fact that the customer base has been originally a gazillion cheap web servers does not help big companies going in, they are going somewhere on the SaaS
On most European cloud providers I feel like IAM is crap: workload identity is almost non-existent, API keys management is usually hellish. Same goes for encryption/isolation. I want to hear more technical feedback on most of them, devil is in the details!
I found Scaleway's IAM system pretty solid so far. Right balance between "gives you nightmares" (GCP) and "one key to rule them all" (Hetzner.. Bunny.. and so many others)
I was kind of interested in the content, but I am so overloaded with AI slop by now, that reading this generated text gives me nausea.
I was looking to see why they landed on this stack, but there are no alternatives or evaluation criteria listed - given the generated article, I wonder how much of the infra was selected by an LLM.
Claude helped write the article. It is 2026. I proofread it though and yes, giving an LLM a list of specific criteria of what you are looking for in a product is actually a pretty good experience.
If it works for you, it works. I just see the same phrases used repeatedly so frequently nowadays - including my own LLM conversations.
Regarding the use of LLM for picking infra. The issue I usually have with such tasks is that they frequently omit things - either from the list of options or the features compared. And depending on my familiarity with the topic, I might never notice, which might steer my decision making into a different direction. Basically a certain bias. Sometimes prompting it to repeat reveals more, but ultimately I end up hitting the search and doing my own research, then I might use the LLM again with now more knowledge and data. Did you run into this too? What was your process?
I do understand what you mean with bias.. some models were quite stubbornly ignoring things like "I want made in EU - not GDPR compliant - not one office or data center in the EU". I remember this being especially painful for TEM and market email providers. Usually they suck at finding the right pricing data at first try.. so I ended up throwing screenshots of pricing pages. Now that I am writing this up, in some instances manually comparing them would have been faster :D ... The bias might come from the huge amount of US dominance in training data and might not even be intentional. In some niches you don't have many options, that's what I tried leaning on in the article.
If that's the case, why do we have to suffer through an AI-generated article? Just give us the prompt.
This topic interests me but I stopped reading as soon as I noticed the slop. I'd much rather read a couple of human-written paragraphs with your personal experience.
Here in Norway (and probably Sweden, too) BankID is a widely used authentication system, and most domestic services will use that as an auth / login. Only "drawback" is that it requires 2FA, which is quite trivial today. But there are still tons of users that want their "login with FB / Google / etc.".
And a last but: If using such auth systems, one would have to account for all the different systems unique to countries.
Maybe some larger EU-specific ID / auth system would make sense?
Many European countries have decent authentication, banking and payment system alternatives or even innovative solutions. I think, like usually, it's just a problem to break out of national or regional circles into something pan-European.
A lot of people seem to agree that relying on a handful of too powerful American companies, especially in the ad and social media space, is a terrible idea and running foul of privacy requirements. Remains to be seen if some larger alternatives manage to pop up though. The European landscape is pretty fragmented.
BankID is very convenient but the lock in is ridiculous. Owned by a private company and pretty much every service that you use depends on it. You're forced to own a new Google-approved Android or iPhone to use it and to function in society.
We definitely need a vendor independent ID system.
> Your users expect "Sign in with Google" and "Sign in with Apple."
You can add email/password and passkeys, but removing social logins entirely is a conversion killer.
I know this is true, but I genuinely don't understand it. I want email/password and passkey, I will always go out of my way to avoid "Sign in with ...". I just don't get why people love this.
Sure, but what the post says is not that they will go for the easier path. It says that if they don't get to link their account to Google/Apple, they will completely give up (it is a "conversion killer").
Well.. it's the flip side of those social logins being known and proven conversion boosters. If you actively decide against them, you are losing a low effort tool to boost your CR.
If you end up, for some reason, being one of those unlucky individuals whose Google account gets banned and all your other accounts are behind Google login, then you truly have been owned.
Are you saying that you reuse the same password everywhere, but a different email address every time, and you feel confident that having your password leaked won't have repercussions?
I am genuinely confused. Sounds like holding a gun from the wrong end and feeling protected by it.
Sign-on with the external identity provider doesn't help if data related to your account like the billing information, your government ID info etc. are released in the breach, that's the sore point.
People will know that my password was y!2TvM8h3dpvw4 for one particular website at some point. What do I lose here? Google/Apple incurs much greater risk that is entirely out of your control.
You mean when using "sign in with" and then using a shitty password for your social media account?
If you use e-mail and password with a good password manager, that runs locally on your device and generates good random passwords, it is unlikely you will end up on haveibeenpwned, and even if one website does shit, the blast radius is only one account on one website.
You'll still have your e-mail address exposed, which you may not want if it is to some random porn site. Moreover, password managers do not work if you use multiple devices for log in, which most people actually do.
I assume they're thinking about the 'offline' style where one would shuffle a database file and probably resolve conflicts. There's an app/extensions nowadays, man!
I don't even bother with a VPN, just occasionally push a 'sync' button on the roaming devices [when they return to LAN]. DB transactions [new credentials] averages ~0 per month... but there's plenty of capacity. Works extremely well.
The truth is that even with KeePassXC, I just really do not notice stale passwords across devices.
It's just really not a huge deal for me personally. Maybe it is for normal people.
I sync my databases maybe once a year if I'm lucky.
Right, that's what I was trying to emphasize. Rare syncs are totally fine here, too. I try to keep a routine but tend to slip. If not 'with my usual device' there's a tiny number of accounts I even need. They rarely change so the 'cache' is usually suitable. If not, the restriction is always short-lived.
I am not sure whether you are trying to get at something specific, but will interpret the question in good faith:
A classical password manager reads an encrypted database. In theory, you could upload your password database (usually just one file) anywhere, and wouldn't need to worry, assuming that you chose a sufficiently long password for decryption, and assuming that the encryption does not have weaknesses which would allow an attacker to decrypt it without the password. In practice, of course you still wouldn't upload your password file to a public place, to reduce risks in the future. But anyway, the idea is that only you know the master password for the encrypted database and so no one else can read your passwords.
You don't even need a password manager, browsers autogenerate secure passwords for you, and they sync between computers/mobile devices.
(I'm saying this from the perspective of "regular people don't want to be inconvenienced like that", obviously you should use an external password manager for security)
> Before inevitable "what if your password manager is hacked
My passwords are encrypted with a security key. I think it is more likely for my computer to get compromised than for my password manager to leak the passwords.
Admittedly, if I lose all the security keys at the same time, I lose all of my passwords.
You really don't? It's just a ton easier for most users: it's (almost) like already having an account. Just click a couple times and you're in, no typing at all, no email confirmation or anything like that.
I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?) and I know how to use a password manager, but I easily understand how 90-99% of the population doesn't care enough and goes the low-friction route.
Not to mention that B2B SaaS needs to provide the login methods that their customers need for their operations, and these typically rely on Google, Microsoft, Okta, etc.
I work on auth for a European startup and this is the case.
It's not so much that they'll leave, as much as some percentage will abandon during the signup flow. I know somewhere out there are statistics on those who have to click a link in an email only to get distracted by other emails, to say nothing of the time to fill out forms, create a password, save to password manager, open your 2FA app for the more advanced users, etc.
The higher the friction, the lower the probability of conversion. E.g. Amazon famously found every 100ms of latency costs them 1% in sales.
At its most simplified, this can be thought of as a simple function of time — the more time something requires, the higher chance something else happens during that time, invalidating the original task.
The best sign-in flow is none at all — that's what e.g. Discord does. They let you use the app immediately, with an automatically created provisional account. Amazing user experience.
This applies universally — convenience is everything.
> I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?)
Most of the "sign-in with google" accounts I have seen treat it as a shortcut to creating and logging in with an account with the primary email address of the Google account. So you can hit "reset password" and get a conventional password log-in to an account you previously made with the Google auth. If you get locked out of google, it's NBD.
Of course, this is probably not universally the case.
Passkey signup could be almost as easy. Type email address, click register, invoke WebAuthn flow (which is no more complex than social registration), done. Maybe you need email address validation for some reason, in which case it’s a wee bit more complex. Ideally there would never even be an option to make a password unless passkeys are unavailable.
Sure, and there’s a UI for rejecting passkey enrollment. I’m just saying that there’s no need for anywhere near as many clicks to enroll a passkey as are often needed.
In my experience it's been the users who principally only have a mobile phone - i.e. no desktop - and therefore want the benefit of the phone-managed account system tied to .. biometrics, etc...
HN is going to skew towards people with password managers & concerns about vendors locking you out. I think most people just want low friction - be that 'Sign in with', or passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)
I'm not sure non-technical people have a good understanding of or experience with passwordless email login either. While doing tech support I've seen people get very confused at the need to open another app to log in or the fact that they're now logged in in the webview of their email app and not logged in in the app or browser they had been using (especially if the first thing that web view does is pop up a giant "try the app" modal).
Thanks for your insight. Outside of being a consumer, and as a security engineer one who appreciates things like passwordless, my experience comes from my employer's passwordless rollout. The sentiment is broadly positive, but we would veer to a technical user base, and sentiment misses the nuance you brought up.
> passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)
How is this low friction to manually copy/paste a code from email as opposed to allow a password manager to log me in automatically?! This kind of authentication is the stupid current trend I hate the most TBH.
Yeah, and I support anything that makes security by default easier. I'd love to see adoption numbers for in-browser password managers, though, because I feel it's not very high yet.
Because without that the argument of "everyone has a password manager" fails. Tons of people don't have 1Password or Bitwarden or LastPass or KeePassXC or whatever.
So sure, they might technically have a password manager installed, in that every major browser has a password manager included. But do they actually use it? That's what really matters.
I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.
Just observe anyone in your social circle that does not "care" about technology and you'll see their reaction to a login prompt when trying, not rarely under time pressure, to access a service they haven't used for a while.
They will sigh, maybe roll their eyes. And who can blame them? The same goes for registering to a new service. Normal people don't use password managers, they don't have Bitwarden with auto-fill, nor do they ever "generate" passwords.
"Sign in with..." offers them a way out of a frustrating experience, it's the device telling them "Hey, would you just like to use this thing you're already logged into instead?" -- yes, obviously they would like that.
> I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.
Well, I wouldn't say I don't understand it. If someone uses their smartphone as a hammer, regularly breaks it and regularly buys a new smartphone, I understand what they are doing. I just don't understand why they are doing it, I guess?
In this case, the post says that it's a conversion killer. So people are so damn lazy that if they can't click on "share the information with Google", they will just leave.
Both available choices "share the information with Google" for most people. The majority of email account creations use a Gmail or Google Workspace address, so Google gets the information either way, and in Europe most use Android so can't sign in with Apple.
Because they don't want to have those experiences where they sigh, roll their eyes, then try and remember a password they made months ago just so they can continue using this thing they signed up for. So they just skip the service altogether.
I assume your circle is mostly tech people? Outside that bubble, it's pretty obvious. People just want easy, don't understand security in many cases, it's the simplest path.
Even absent the above. Imagine a signup flow. I can either click <Sign Up With Google> or I can go through a manual flow with input fields. The former is much faster than the latter. It surprises you people choose the path of least resistance?
It does not surprise me that people choose the path of least resistance. I find it sad that they happily connect everything to Google/Apple.
What surprises me is that it is a "conversion killer". So if you ask people to create an account, it's sooooo very hard for them that they will just leave. And spend the next 30 minutes scrolling TikTok, I guess?
You'd be surprised. I've worked on a municipal/local-area webapp that launched with auth and a create-account form. Userbase in the low 100ks, a few interactions a year. It was an ordinary create-account form: name, address, email/phone, no payment info or government ID. The only alternative to this service--and I do mean only--was to go into a city office and wait in line/fill out forms. Failure to do either resulted in a fine (I forget how much; in USD it would have been less than $50 I'm pretty sure).
Before we added SSO, huge numbers of users would enter but never complete the signup flow. We assumed they were making the (baffling) choice to take time to go to an office and wait in line over filling out a web form. A year later, we added Google and Facebook login. Failures to finish signup dropped to almost zero (a lot of folks were still bailing out of the manual create-account form without finishing, but they were then falling back to Google/Facebook).
More surprising, that year the net number of signups (across web and brick and mortar) more than tripled.
People weren't choosing in-person over filling out the create-account form. They were choosing to pay a fine instead of filling out the create-account form.
So ... I don't know about "less valuable than TikTok", but a lot of folks' decisionmaking sure is wild.
It definitely surprised me just how lazy humans are on average. The amount of effort people are willing to exert on sign ups, etc... The drop off with each additional field blew my mind.
How many services do you have subscribed to? From simple phpBB boards to very much official product and online shops? How do you manage all those usernames/passwords? The single point of failure of relying on Google/Apple is real, but so is the manual and laborious process to auth via email/password and the management that goes with it.
Each password is a PGP-encrypted file, encrypted to security keys. The files are backed up in different places, including my laptop and my phone. The password manager app runs offline, so it has no reason to suddenly fail, but even if it did, my passwords are just encrypted with PGP, so I will never be "locked out".
I find it very unlikely that it would get compromised: again it's encrypted to security keys. If my device is compromised, the attacker can extract the passwords that I decrypt while the attacker has control, but not the whole database.
To lose my passwords, I would need to simultaneously lose all the copies (on my devices, and on the cloud). To lose access to my passwords, I would need to simultaneously lose all security keys.
Doesn't feel like a single point of failure. Or do I misunderstand what you mean by that?
> In fact a decent % of people stops shopping on your site if there's a few ms lag.
While it's still true, I have read that the accepted lag today is higher than 10-15 years ago, because they have lower expectations due to a general decline in page load speed. (React pages with spinners/placeholders, newsletter popups, higher page weights etc.)
I may start to create an account, but after about 30 seconds of effort, I'll start asking myself if it's really a service I care about. Send me an email? If it's not there by the time I click my email tab, odds are pretty good I won't wait around unless it's a truly compelling offering. Want me to fill out a form? If it's anything more than just an email and a password field my password manager can complete for, again, I'll question whether I want you to have that info about me.
So no, I may not leave, but each tiny bit of friction increases the possibility of abandonment. From the perspective of conversion, abandonment is the same as "just leaving".
For a single personal user it's only a small bit of friction, but if you're in charge of 30 people SSO is a godsend for boring compliance work and managing groups of people. You want to change a domain in the company? Not a big deal. Don't have to rotate passwords every quarter, need to restrict an employee from a service, etc. You aren't imagining other challenges other than your own here.
Something I didn't see in the other comments is users who are using the startup's service for work, as an employee.
Why wouldn't you choose the simplicity of "sign in with Google" if your work email is on Google Workspace, using the entire Google suite of business tools for everything (gmail, chat, meet, docs, drive, auth, etc) and everything you do at work is known to Google anyway?
Making an email/password account with your work Gmail is just extra steps, one more password to store, and perhaps the inconvenience of one more 2FA thing. Google gets the same information either way.
Similarly, why wouldn't you choose the "sign in with Microsoft" if your work is all in on the Microsoft suite of business tools (teams, office, onedrive, auth, etc.) and everything you do at work is known to Microsoft anyway?
Well, it gives you easier control of your accounts too. Just one entry point for everything, no need to track password leaks from dozens of services (you still need to keep an eye on whether Google has leaked your password, but in that event everyone will know and be working hard to fix it).
From the point of view of technical people it would be easier to achieve the same with password managers, but for the rest of us Google provides a smoother user experience.
It's a few things (source: I've worked on some large online B2B systems and seen signup flow funnel data for some even larger B2C systems):
1. Ease/laziness as others have mentioned. Even for a service that answers a real need, many users will bail out of the signup flow and just ... leave that need unsatisfied when they see a web form.
2. Underreported: google/apple sign-in buttons make it feel like you already have an account. The fact that the "grant access" new-signup request is a second screen and that "sign up" and "sign in" (with Google/Apple/Github/Facebook/etc.) are the same buttons to enter the funnel is huge. It's not that users are confused/forgetting whether they already have accounts (though some are); rather, it's psychological momentum created by the ambiguous language.
3. Trust and consistency. Nontechnical users just trust the recognizable brand buttons more. They don't necessarily know why/know how auth works, but they know that a lot of data breaches happen and are scared. The fact that the embed button almost always looks the same/familiar is massive. I suspect that it would also be a conversion killer if the "sign in with apple/google" buttons were styled to look totally different and not contain logos.
4. A lot of semi-technical folks don't like remembering passwords (and password managers--even good device-integrated ones--aren't as reliable at autofilling as a lot of casual users would like). Others know that it's a bad idea to reuse passwords. As a result, people use the button that doesn't require them to pick a password they'd have to remember.
5. Impression of privacy. Some (especially older) nontechnical users have a significant aversion to typing in their personal info (name/address/CC number) into online forms, so they pick the option that doesn't require that.
6. Technical people who prefer SSO because it gives (on the SSO provider side) a list of every integrated account; better permissions control (for services that integrate with e.g. Google for more than just login); a marginal chance of a little less data being stored on a service's servers versus the regular make-an-account option; somewhat fewer opportunities for a service to screw up auth by building it themselves wrong. This demographic is small compared to less technical users.
That's all presented without comment. Some of those points are based on exploitative provider behavior, or user ignorance. I'm just explaining the decisionmaking factors, not defending them.
Add all those up, and you definitely get a conversion killer.
I tried buying a domain on OVH and the experience was shitty: I was forwarded between different versions of the page (GB etc.) and could not finish the checkout.
I tried to use their public cloud offerings and I got caught in a fraud filter for months. I signed up with my real email and real credit card without any VPN. All the staff could tell me was I should try to improve my reputation by paying for additional services for a while.
The issue eventually worked itself out without paying for services I didn’t need and now I have a functioning account, but it was frustrating for sure.
There is an ongoing lobbying push for "Made in EU" [0] which is unrelated to OP's article. The winds sure are blowing towards European sovereignty. Thanks, Trump!
Authentik would fit very nicely there and eliminate that one large bit that the author says he can't avoid putting on US infra. I am only saying this because he's already self hosting a bunch of things.
My advice and experience is don't use Netcup. They are abysmal at customer service. I once registered a domain with them, and hadn't even paid, but then couldn't get my account deleted at all. Even multiple e-mails did not help and they insisted on keeping my data until half a year later or so. They absolutely behaved like complete holes, and I will never trust them again with anything. I don't know what they do with user data. Maybe their systems are just so terrible that it is a huge effort for them to go and comply with a GDPR deletion request and then they just don't do it.
Also their web interface doesn't allow you to delete your domain, even if you have not paid yet. So anyone could come and make some account and register a domain, but then not pay and they wouldn't remove it from their systems. The feel of their website is very antiquated and due to not being able to delete your domains, feels buggy.
I have been using Netcup over the course of 20 years now and tbh never had any problems. Their customer service is very friendly and they responded quickly to me every time. Sorry to hear your story, but I think this is an exception? I had domains there too, but moved away because of functionality. But my main hoster is Hetzner for a decade now. But because of vendor lock out, I am glad to have Netcup too, especially if you consider the price!
I’m not exactly a user with advanced needs, but I have a server with netcup and never had issues. I also know a couple of people who never had any issues with them. I know them as cheap and solid, never even heard of a bad experience I think.
Bummer they failed so hard at your deletion request.
Enjoyable article, thanks.
I'd like to see a section on "layer 8" (or 9? whatever we are calling it). The regulatory layer. There seem to be so many uncertainties in Europe (and to a slightly lesser extent, the UK) now. I think if starting another company I'd have to give it some serious consideration.
I am trying to be on top of the legal stuff. I did start EU first with GDPR compliance and expanding to the UK was kind of low effort. Comparatively little changes are required. I might expand on that in a future article.. all that legal stuff was quite a bit of effort but I got lucky with my lawyer choice and felt very supported from them at reasonable cost.
Thank you for this. I'm in Europe with an established SaaS that's been running in production for years and I've converged on a similar stack (OVHCloud instead of Hetzner). However, I've realized you can stay sovereign and independent in any jurisdiction (not just Europe) just by simplifying your stack and running a few baremetal servers in-house.
Just buy a few Mac Studios and run them in-house with power supply backup and networking redundancy and you're good to go to serve more than 10k - 100k requests/second which is good enough to serve a million customers. You don't need VMs: a single Mac Studio gets you 2–4x the power of m7i.2xlarge on AWS, and pays for itself within a few months of AWS bills. You can do local AI inference and get Claude Opus-level performance (Kimi K2.5) over a cluster of Mac Studios with Exo.Labs (an unofficial Apple partner). You get free S3-compatible object storage with zero ongoing storage costs with MinIO (yes it's redundant even if you lose a server, and your hosting provider can't hold your data hostage by charging for egress). Postgres runs like a beast and is incredibly easy to set up - you get zero latency DB because it runs on the same machine, has access to lots of RAM and you're not paying per-GB or per-core. Managed databases are a scam. You don't need an Auth provider, just do passkeys yourself. And the great thing about Apple Silicon hardware is that it is amazingly quiet, reliable, and efficient - you can do things like run headless browsers 3x faster and cheaper than on standard server hardware because of the unified memory and GPU acceleration, so you're not paying for CI/CD compute by-the-minute or headless browsers either.
This entire stack could give you computing power equivalent to a 25k euro/month AWS bill for the cost of electricity (same electricity cost as running a few fridges 24/7) plus about 50k euros one-time to set it up (about 4 Mac Studios). And yes, it's redundant, scalable, and even faster (in terms of per-request latency) than standard AWS/GCP cloud bloat. Not only is it cheaper and you own everything, but your app will work faster because all services are local (DB, Redis cache, SSD, etc.) without any VM overhead, shared cores, or noisy neighbours.
I've designed our app so that there are only two stateful services that matter: Database and Disk. Everything else is cattle, you can shut down or spin up new instances and the load balancer redirects requests with no impact. Making Postgres redundant is a matter of careful configuration with PgBouncer + HAProxy + Patroni. However for a long time we had a much simpler setup: just restore a new database from backup on a new machine if the main one failed (one-time simple script run manually - not automatic, means a little bit of downtime if there's a failure, but it worked). Or you could use CockroachDB. Making disk redundant: just use MinIO for S3-like disk (that's also where DB backups are stored). You can lose up to 2 out of 4 of your servers and you lose nothing.
With this setup if 1 or 2 Mac Studios fail (or need to be restarted for updates) everything just keeps running smoothly with no customer impact. It also helps that the app itself is on the Elixir BEAM (Phoenix) so everything "just works" across all machines.
MinIO was a previously open source blob store. It's pretty old, it was basically created right around the time S3 took off.
You should probably reconsider going with it in 2026 unless you're fine with their new (non-open-source) offering. It still has a "free" license, so it might still be an option depending on your priorities.
But there are alternatives around, some being arguably much easier to run/maintain for small deployments like this.
Do note MinIO is deprecated and no longer maintained, discussed here[1]. There are plenty of alternatives though, most mentioned in the referenced submission.
Great post, and interesting setup - harkens to days of old, when this was simply how things were done in the first place - but one question that I have, apropos:
>.. serve more than 10k - 100k requests/second which is good enough to serve a million customers.
What is your network connectivity like for this setup? Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?
> Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?
That is not really a rarity these days. I have symmetrical gigabit fibre with a fixed IP here in a Spanish farmhouse 45 minutes from the nearest population centre
In some countries and with some ISPs, you cannot get a fixed IP address at all, unless you register a business and prove to the ISP that you are running a business. I am guessing they will bill you accordingly then, and still have the same shoddy connectivity. I have seen shoddy connectivity with Pyür in Germany for a whole office building. Even as a business you are not immune to bad ISPs.
I guess Spain benefits from having a former national telecom. Movistar charges me an (outrageous by local standards) €30/month for a static IP on my residential fibre.
No SLA in the world is going to help in a rural area, when a winter storm brings a tree down on the fibre :D
But they offer the exact same specs to business customers in the nearby town. I appreciate Spain is well ahead of most other countries on connectivity, but I can't picture gigabit + static IP being a dealbreaker in most of Western Europe
Gigabit fiber with static IP for about 40 EUR per month. I plan to make it redundant with a second gigabit fiber connection from a different provider but haven’t done that yet.
>However, I've realized you can stay sovereign and independent in any jurisdiction (not just Europe) just by simplifying your stack and running a few baremetal servers in-house.
Only if you have physical offices and staff in every jurisdiction you're serving.
Presumably you have a home where you live? That's your physical office. And no you don't need a presence in every jurisdiction you serve. Visa payment network serves the world from the US.
Yes, but not where my customers live. The whole point of "sovereignty" is to serve customers from a location that is bound by the laws of _their_ jurisdiction, not mine.
There are quite a few factors that matter. The place where data processing and storage takes place is one of them.
It matters who can physically take control of the servers. It matters where the encryption keys are stored. The storage and processing location also matters for compliance with data residency laws.
But it's not the only thing I mentioned. Having physical offices and staff in a jurisdiction usually goes along with setting up some sort of legal and taxable entity that has personally responsible directors.
I have been self hosting for a couple of years, yes I got very very interested in self hosting my apps, away from the cloud overlords, but the major issue is the network.
You'll need business internet plans with redundancy and based on locations that might be prohibitively expensive. Some startups might even require their own AS numbers.
Also the connectivity to the data centers or cloud infra like WAF, CDNs etc. will definitely be worse compared to cloud instances. Then comes firewalls, their configuration and their redundancy.
These things will matter if you're serious about your SaaS. You could definitely co-locate, but that's another cost, then comes the redundancy of everything, from servers, to disks to network (routers and switches etc).
I personally believe that modern hardware is pretty reliable and doesn't need redundancy in every layer, but most people won't agree with that, and when startups have enough money, this doesn't matter to them.
I think the only reason the common public is unable to start SaaS is handling and managing these problems. Redundancy costs a lot. And many startups don't want to deal with it even if it'll help them in the long run. They just gather enough cash and throw at the overlords.
I do hope that the general infra should improve so that can properly host their own.
Nevertheless I'm still trying to start something in SaaS space and self host from my home...
Ah yes, MinIO, that open source S3 alternative that got archived last week.
To me that's the biggest problem when self-hosting services.
On day to day operations, sometimes it just breaks and the time to get it back varies from a couple of hours to a couple of days.
And for the longer term you regularly have to upgrade things yourself which takes time and energy and is stressing for stateful deployment.
And then you have it, at some point maintainers are just exhausted and the project is gone.
Got lucky that we have a good personal relationship with our small local ISP and I trust they handle that for us. In the future I want to make it redundant by getting a second gigabit fibre connection.
I’m not anti American, that’s not the main point of my setup. The main point is I want to own it, not rent it. Apple doesn’t control my production setup after it’s in my hands. Macs from 10 years ago still work.
HP makes them, so does Dell. They cost a bit extra, but essentially the whole Federal government runs on nothing else.
The difference between EU and US is that it's possible to make all components in the US, using US equipment, and so some companies do because it commands a pretty decent premium. It's not even that hard since most components (e.g. reference motherboard designs) are still designed and actually built in the US. China still really mostly does what you might politely call "commercializes US tech". And let's not discuss too deeply if they correctly pay licensing for all the components they make, because nobody enjoys that discussion.
And yep, as you might expect, only Intel chips, no Nvidia cards ... and that's not the end of the limitations. The previous version had no USB-C monitor support, never mind one USB-C cable to multiple monitors, but last year Intel really pushed a bit harder. But even this year, I'd hope you're not going to be trying to use these machines for gaming.
The EU can't even make a modern motherboard's USB port chip.
Oh and yes, there are cracks in the US version too. The phones used, for example, are iPhones. Radio designed in South Korea ...
The most technologically critical component of ASML's EUV lithography machines (the EUV light source) is designed, developed, and manufactured in California by Cymer.
> forces the Dutch government to put export controls on some of their machines
That's because the critical EUV light source technology is developed in California by a US-based subsidiary of ASML. The US and EU have mutual interest in protecting the technology and machines. If export control agreements were not in place then ASML would have never been permitted to acquire Cymer. And if they are not enforced then the US would almost certainly require ASML to sell Cymer back to US ownership, TikTok-style.
I'm rather curious where in the US HP and Dell source, let's say, their displays?
And while many (but certainly not all) of the other components could be made in the US, it's expensive and capacity is limited. So even the likes of HP and Dell have most of it done in Asia. Even Intel chips generally pass through Asia for assembly and testing, and their modern CPU tiles are likely to include TSMC-fabricated components.
All this is to say: the US is not tech independent (unless ancient tech counts). No single country is.
Though if you're just trying to say that the EU is significantly more tech-dependent than the US then I agree of course.
It has the standard property of ownership: nothing gets turned off without YOUR permission, or at minimum legal proceedings in the area where you are located.
I'm not aware of any standard of property ownership with regard to Mac OS, Windows or any other proprietary software. The end user is granted a license to use the software. That license can be revoked at any time for any reason.
Are you actually using Exo for local clustered AI inference? I’ve considered it a few times and keep finding horror stories. Never seen someone report it’s actually working well for them.
I, too, once believed this. Then I had the displeasure of watching a $10,000 server fail during Christmas travel (about 20 years ago now). A single RAID drive failed. Then, during the rebuild, a second drive failed. Then the RAID controller itself failed catastrophically, losing all the RAID volume metadata. When we restored from backup, we discovered that the sysadmin who had just quit a few weeks before had lied to us about the backup system, and we had no backups.
This is the sort of black swan event that happens every 5-10 years. It's an unusually bad event, even by black swan standards, but stuff like this happens.
The fundamental problem of self-hosted databases is that you test the happy path every day, but you only test true disaster recovery every 5-10 years. And in practice, this means that disaster recovery will usually fail.
With a managed database service, most of what you're paying goes to making sure that disaster recovery works. And in my experience, it does. I've seen RDS database servers fail catastrophically, and completely rebuild in under 15 minutes with virtually no data loss, with almost no human intervention at all.
If you care about your customers' data, I think that a reputable managed database is the right move until roughly the point that you can pay for a full time database administrator. At that point, sure, roll your own. But do regular disaster recovery tests, lest you discover that a recently departed DBA has been lying to you.
Yeah but even with managed database services you don't know if your provider has invested into proper testing of their recovery so you have to test it anyway. Major services like DigitalOcean have been known to shit the bed with your backups. If you don't test your backup recovery, you don't know if you're screwed even if you're paying for "managed" services.
I test my backup recovery several times a month by actually baking it into our CI/CD workflow under certain conditions. The entire production database gets restored from backup every week.
You could use a managed db service as a live replica dedicated as a backup only. The queries would go to your local database on beefy hardware, while the replica would just have to be powerful enough to keep up with the WAL stream.
Yes, except for one HAProxy server. The setup I described isn't fully in production yet, but my testing confirms it works. We've been running for years on one single baremetal server on Hetzner/OVH though. And macOS makes sense for one of our main workloads (headless browser agents). Much better than browser-in-linux-docker for many reasons.
The article does not mention payments. I would be especially interested in a European Stripe alternative - this is what I find really difficult to replace.
A lot of people are over-romanticizing Hetzner. The hard truth is that Hetzner is a great provider for bare metal machines and extremely competitive pricing, but it's extremely demanding to run production workloads there without a dedicated infra guy. Claude won't wake up in the middle of the night to solve the things it helped you provision in an acceptable timeframe. If you are serious about your product SLOs, hyperscalers shine, and you can only accept the "cloud tax".
Hetzner is a very particular product. They openly cop to being "overly cautious" with even letting people open accounts because they're playing with razor thin margins: I wouldn't engage with an organization like that for serious production workloads.
At least, where "serious" is defined as making enough money that paying AWS $200 a month for $20 a month worth of compute is worth it in exchange for an actual SLA*, paid support, and knowing that even if you drop off the face of the Earth, the account will probably run unfunded months before your users even notice.
I've been bitten by using "quirky" tier-3 providers for savings on projects that really should have just eaten the cost of a bigger provider.
(* Yes an SLA is not a magic uptime guarantee, but it creates an expectation which is a lot better than nothing.)
> Google Ads and Apple's Developer Program. If you want to acquire users and distribute a mobile app, you're paying the toll to Mountain View and Cupertino.
If you said Play Store, then sure, though at least distribution on there is free. But you said Google Ads, which you really do not need to acquire users. Returns on Google Ads were already low, and have only continued getting worse and worse. I'm sure someone here claims to be a magician at it and believes they can get a fantastic RoI out of it, and I'm sure some can. But the huge majority doesn't. It's very much like day trading stocks.
There's a huge number of other, better avenues for paid marketing if you want to do it.
Google Ads does "kind of" work in the niche I am in, usually with low competition key words.... but I did stop throwing money at it. I am never going to return the investment per conversion... but if you want a search engine to throw your money at.. it is still pretty much without alternative to me.
If you want to throw your money into a pit, there's a lot of alternative pits available out there. Happy to share my bank account, then at least one of us gets use out of it.
> You can add email/password and passkeys, but removing social logins entirely is a conversion killer. Every one of those auth flows hits American servers. The silver lining: Hanko, a German identity provider, handles the auth layer itself, so at least your user management and session handling stay in Europe, even if the OAuth flow touches Google or Apple.
You can at least put "Sign in with Spotify" first before Apple/Google - they have social login. I've even seen apps that have nothing to do with music offer it as an option.
Problem is that there's no point in adding it unless a sizeable number of people are using it, and Spotify is the only European one I can think of where that's the case. Seznam clearly isn't unless potentially a cz-only service - no idea how popular it is there.
Delivery Hero is really big and EU but too fragmented. Maybe Wise should add social login, I think Paypal has it.
As I said, anything that's not search ads. Youtubers, influencers of any size, UCG, podcasts, newsletters, you name it. LinkedIn content. There's thousands of options. Or if you do want to throw money at US/Chinese big tech, then TikTok, or Apple, or Reddit ads. Industry fairs. It entirely depends on where your niche is.
Of course if you're the next YC B2B SaaS raising big series then sure go burn your VC cash on Google Ads, but that's clearly not what OP is doing, or really most of us.
Different industries have different customers with different needs and funnels.
None of my businesses use a "sign in with..." option and I highly doubt it would increase conversions, however the article and many commenters here are adamant (based on their experience) that it is integral.
I'm not sure it's day trading per se, I think it's just a lot more relevant to some industries/products than others.
OP is talking about apps distributed through App/Play Store though. After a certain size in B2B services, sure, you can do Google Ads. But even for B2B it makes no sense to start out with it unless you're a hot startup raising big rounds. The RoI isn't there in 2026, the juice has been squeezed.
If you dig one step beyond hetzner you should start to see that the whole thing is unavoidably global. There is no truly dominant monopoly holder anywhere. Who makes the photolithography machines? What about those weird Japanese companies that make chemicals and substrates that no one else can?
For anyone looking for non-US transactional email, I found https://mailpace.com via HN a while back and can recommend. Can't remember who the HN user behind it is, but they've done a great job.
Does anybody know whether there are any European alternatives for Github that allow you to host private/commercial repositories without using self-hosting?
Their direct internet connections rarely go down, but links between servers in their internal network suffer from intermittent failures. If you make your service reliable enough to be able to run on a single node, you could have built a monolith in the first place.
I think this is short-sighted - there are many applications where a single node is all one needs, and this is a huge part of Hetzner's user base, presumably.
A bit of anecdote from me, as a decades-long Hetzner user: I have personally felt no real impact whatsoever with their internal network suffering from intermittent failures. The downtime incurred by Hetzner admin I've experienced is measured in minutes, in my case over a 10 year period as a customer...
If you build microservices you should always assume that links go down! So what is the deal here? Think about it as a feature to make your application more error prone. :-)
Ehm sorry but no. Sovereignty means you own the stack not that you just choose other suppliers. Build on EU infra means owning a machine room with some servers, having fiber optic good enough for your traffic and that's it.
What the author describes is just a supplier switch still owning next to nothing.
Perhaps the term is overloaded, and a better one would suffice, but the bigger point is to ensure that none of their infrastructure is under the purview of any US entity, public or private.
Are our institutions more "legal" or "reliable"? Honestly, it doesn't seem that way to me. Oh, let's be clear, the less I have to do with the GAFAM, the happier I am; Hetzner has shown itself to be a good company so far, as have several others, but if we don't start to understand what "ownership" means in the digital world, we'll never get out of the current sorry state of things.
The average Joe understands the concept of owning versus renting a physical good, whether it's a car or a fork, but in the digital realm, they think "if I see it on my screen, it's mine", they just can't grasp it. If we don't start teaching this, we won't be able to have a society built for digital sovereignty and technical rationality.
We'll keep having "communication services" that only talk to themselves, like WA, Slack, Discord, etc instead of those where everyone can talk to everyone else, from email to XMPP. Most people won't realise how absurd it is that WA only talks to WA, whereas even a basic telephone can call from any phone company to any other. Making people understand this is the foundation, which is currently missing even for many techies who get it because they have the knowledge, but only with a somewhat vague understanding, without really caring how to do things differently.
Hetzner is juggling quite a bit of legacy systems (konsoleH, Robot) around at the same time.. bare metal (root) is still on Robot, a system from the early 2000s I believe.. konsoleH is for classic website hosting and console is what you need for cloud. They are progressively moving over stuff to console now, DNS and Storage Boxes have recently moved.
All of those considerations are driven by politics, not technical matters. What if in Germany next election will be won by AfD, in France by Lepenists (Jordan Bardella is going for the win in 2027 election). And next US election will be won by Democrats. What's then? Moving back to the USA?
Data sovereignty, avoiding monopolistic dark patterns by big American corporations and choosing local business partners that you can keep accountable is not political, it’s a logical choice.
It's a really good sign that this worked out at all. And the takeaways are enlightening.
- EU domain registrars might have some bullshit under the hood making the same TLDs more expensive. Might need to investigate
- EU needs its own mobile app ecosystem, easy auth, and genAI offerings
  - but interested to see why Mistral wasn't feasible
- other things need to be scaled up to have the community and maturity to function well. This comes with time and adoption
I'd love if this took off. If more and more people did this
Mistral seems great and offers great functionality and maybe fair pricing. However, I have used their LLM API (Le Chat?) in a project and unfortunately the API times out sooooo often. I had to add retry logic and have timeouts of 5 minutes and such, and sometimes there is just never a response from the API. If they could make that more stable ...
(I am using their official Python client library.)
Have you tried Mistral? Admittedly I've only used it twice but I was disappointed. It feels like comparing openoffice to word 20 years ago - does the job but at an obvious compromise
Super timely - thank you! I'm in the process of moving the entire stack of my SaaS* fully in EU as well. Hetzner bare-metal, Talos k8s, OVH Object Storage for backups, self-hosted (for now) image repo. For now I'm still on Cloudflare for CDN, but bunny looks interesting. Using GitOps (FluxCD) as deployment strategy enables no dependencies on e.g. GitHub Actions.
For one thing running on bare-metal @ Hetzner is insane value for money versus GCP GKE. I'm a third of the running costs and get ~50x resources.
The only aspect I'm struggling with is full-disk encryption. Although customer data is still encrypted with envelope encryption in the database, I want to migrate to fully encrypted disks (LUKS + TPM) sooner rather than later. If anyone has any resources and/or experience with this, please let me know :)
Unless I'm mistaken you can install hetzner from ISO allowing you to use LUKS. You could use tang/clevis to allow it to automatically unlock (or refuse to, given certain conditions)
We use bunny.net dns for Geo DNS with their dns based load balancing for my websocket infra. They have awesome community and support is top-notch. Getting a response from Cloudflare community is like taking a lottery if you are on the free plan.
Now how bulletproof it is in practice will be tested in years to come, I'm sure. But it seems to be using the same model as AWS in China where a local company licenses and operates the software from AWS.
The Chinese version of AWS isn't the full offering, offering less than 1/3 of the services. ESC appears to be more complete, but it's not a third party local company, but rather, a walled-off subsidiary of AWS in Germany.
> Now how bulletproof it is in practice will be tested in years to come
Zero chance the data stays in the EU. Just think about it for a moment. US CLOUD Act directly conflicts with EU's GDPR. Amazon doesn't want to risk losing EU markets but it can't lose the US market by not complying with US law.
If these two conflict Amazon will side with the US. The savvy business move is to pretend to serve the EU market exclusively while privately adhering to the US demands.
A lot of this discussion is actually more about "use baremetal" or "put servers in your closet". HN tells Americans to do the same thing (and hire them to do it).
I go out of my way to use American services. It would be hypocritical of me to deny others the right to use their country’s services. Plus competition is always better for consumers so have at it.
I am deeply troubled by what the Trump regime is doing but I think this trend for European countries to use European tech is actually quite good. Competition is better, plus your privacy laws are much better. I host some of my own data in Europe for this reason.
> Let’s say every company gets about three innovation tokens. You can spend these however you want, but the supply is fixed for a long while... If you choose to write your website in NodeJS, you just spent one of your innovation tokens. If you choose to use MongoDB, you just spent one of your innovation tokens. If you choose to use service discovery tech that’s existed for a year or less, you just spent one of your innovation tokens. If you choose to write your own database, oh god, you’re in trouble.
From my POV, the author spent their innovation tokens on a political commitment. I would not recommend this path to someone starting a company. It's hard enough already.
Also, many American companies that might have been useful to the author were founded by Europeans, e.g. GitLab. There's plenty of European talent for making widely adopted infrastructure. If those companies aren't in Europe, it's worth asking why [1].
But the argument is reversed! The more boring your tech stack, the _easier_ it is to host it anywhere (including Europe). So choosing boring tech is actually an enabler of this (and other) choices down the line.
It's only "a political commitment" as long as it doesn't affect you yet; and from the European perspective I'd say "the affecting has begun".
I'd say from this author's POV, his commitments cost him in terms of headaches, costs, and time not spent optimizing for meeting customers' needs:
> The parts that were extra hard
> Transactional email with competitive pricing. This one surprised me. Sendgrid, Postmark, Mailgun, they all make it trivially easy and reasonably cheap.
The EU options exist, but finding one that matches on deliverability, pricing, and developer experience took real effort. Scaleway's TEM works, but the ecosystem is thinner. Fewer templates, fewer integrations, less community knowledge to lean on when something goes wrong.
The choose boring technology essay notes that as you get further along you might get more innovation tokens to spend, but when you're starting out, "not choosing sendgrid because they're American" is a token gone when they're most scarce.
Fair enough... though if I were to push my point: one could also say that dumbing down your mechanisms of email sending (i.e. ditching templates, or pulling the templates to your own codebase) would give the same advantage I talked about earlier of vendor-independence.
I've witnessed quite a few attempts in this regard, and they're truly admirable. Although Gitea's trademark and domain are controlled by China.
From a geopolitical perspective, such attempts don't hold much significance. The EU's future doesn't lie here either. It lies more in media control, profiting from balancing between the US, China, and Russia, and even continuing to extract raw materials from former colonies through low prices or unfair contracts. This may not be glorious, but it's what's been happening all along. A vast consumer market, the influence of values, comprehensive soft power, cultural control and integration of large numbers of immigrants, and so on. "Made in EU" will never succeed.
I've built gethly.com entirely on my own VPSs, so I was concerned only with VPS providers. People actually might not know that Europe has orders of magnitude more developed IT infrastructure than USA, or China (Asia is actually quite a joke). For every one VPS provider in North America, Europe has 10. Not only that but there are all necessary services one might need - cdn, domains, dns, storage, payments... nothing is missing. I don't see why people think they "need" american companies, except the big three of cloud providers with their gazillion useless services. But 99% of projects don't really need cloud services at all.
Truth be told if you're a European business, U.S. cloud providers weren't a good deal for a long time. Not since the advent of NVMes and cheap 100G NICs, well, that's for sure. Let's have a look at AWS R8 class, which is their most recent native instance type with real, modern I/O. Now, these are ostensibly powered by AWS Nitro 6th-gen networking, which is a 600G NIC. However, if you fancy NVMe drives (R8gd) which you do normally, you won't be getting more than 50G full-duplex. If you want to hit 100G+, you will need R8gn instances which don't offer ANY storage. So if your idea of data engineering is not calling from the 90s, well, you're stuck between a rock and a hard place mate!
Good news is you can get PCIe 5.0 servers, I/O gear, and host it yourself for a mere fraction of semi-capable AWS bill.
Bad news it doesn't matter if you don't get enough uplink bandwidth, no control over the routing table in the core routing infrastructure leading up to your WAN, or actual routers capable of hardware-filtering 100 gigabits worth of line rate per link. And you will need all these things if you want to at least try and match what Cloudflare/Cloudfront is doing from routing standpoint. (It will be much harder though to match them from the CDN standpoint...) DDoS protection is overrated, but it's not for reasons people commonly think.
Can confirm on Hetzner. I'm building a SaaS on it right now and had to request a VPS limit increase. I was so worried and carefully crafted my request message. I was bracing for a multi-day back-and-forth but they just... did it in like 10 minutes lol
> The pricing is almost absurdly good compared to AWS, and the performance is solid. If you've never spun up a Hetzner box, you're overpaying for cloud compute.
My support experience with Hetzner has been first class, every single time. They're honest, responsive, proactive and helpful.
My support experience with Digital Ocean has been abysmal, every single time. Our latest experience was a misconfigured or malfunctioning Valkey cluster, we provided a ton of supporting information, their tech team magically fixed it and closed the ticket, and their support people tried to blame us for it breaking. This is so standard with them that I posted in our Slack "emailed DO support asking for a technical breakdown of what happened, they'll reply in a week blaming us". It only took them a couple of days though.
I’m trying to do my part with Domain Chief. Becoming a registrar is pretty gnarly especially without very deep pockets (ICANN very expensive) but some great reseller companies (also Dutch) make it possible to enter the market.
I’m not perfect yet and tiny parts use Fly/Cloudflare (Anycast / Turnstile) and Stripe for payments but the core runs on own hardware in a Dutch datacenter provided by Dutch companies.
We also switched to Europe; it's now 5x cheaper and the servers are 4x more powerful.
I recommend switching to European cloud if only to not have to think twice about getting 3x redundant servers with 32gb ram. Trivial for anything you'd buy yourself but it costs 20 cars on AWS.
This clown couldn't be bothered to write their own blog post about the suitability of European infrastructure and instead, ironically, outsourced it to a US-based AI giant, Claude/Anthropic.
MrAlex94 | a day ago
If it matters, I didn’t go to them because they were specifically an EU org either - when Packet became Equinix Metal and then that got shut down, SCW were the most equivalent in terms of cost / hardware specifications and I often used them in parallel when Packet was still around so as to not have all my eggs in one basket.
adamas | a day ago
But really, I wonder why it's not used more ? Price are maybe a bit high for some things ?
[OP] willy__ | a day ago
tcldr | a day ago
reddalo | a day ago
bluebarbet | a day ago
With Hetzner now for several years without incident.
speedgoose | a day ago
I think they are not as well known. It’s a bit of a side project of the parent company, Iliad. They could benefit from heavy investments and some more aggressive marketing, but perhaps it’s not worth the risk and a slow but steady growth is what they prefer.
epolanski | a day ago
xvilka | a day ago
[OP] willy__ | a day ago
BadBadJellyBean | a day ago
adamas | a day ago
ozgrakkurt | a day ago
Putting closed source code on github is basically asking them to launder it through LLMs
Epa095 | a day ago
ozgrakkurt | a day ago
darthwalsh | a day ago
GitHub's privacy statement [1] says:
> GitHub personnel does not access private repository information without your consent except as provided...
Do you have any evidence that private repos on GitHub are being used for training?
In the opposite case, if you have a public repo on GitHub then you should expect it to be laundered through LLMs :\
[1] https://docs.github.com/en/site-policy/privacy-policies/gith...
adamors | a day ago
3D30497420 | a day ago
alias_neo | a day ago
[0] https://en.wikipedia.org/wiki/Forgejo
Also see: https://gitea-open-letter.coding.social/
EDIT: HN discussion on the latter: https://news.ycombinator.com/item?id=33372471
benrutter | a day ago
gostsamo | a day ago
marwann | a day ago
cpursley | a day ago
omnimus | a day ago
But after looking at their site: "MailerSend is a United States-registered company."
I understand they are based in EU but the main issue is that if they are registered in US then thanks to CLOUD Act afaik it doesn't really matter.
cpursley | 11 hours ago
[OP] willy__ | a day ago
medgelabs | a day ago
Disclaimer: I am a Tech Lead on Mailgun
mcbetz | a day ago
None comes close to AWS; the closest are messageflow (PL), elasticemail (PL), brevo (FR). Other players like Scaleway TEM (FR) and Lettermint (NL) don't offer non-transactional.
[OP] willy__ | a day ago
mcbetz | a day ago
mfld | a day ago
Aldipower | a day ago
AWS SES does not work for me at all, the sending success rate is really bad.
dylmye | a day ago
receperdogan | a day ago
[OP] willy__ | a day ago
bdcravens | a day ago
s_dev | a day ago
The US has simply casually mentioned they could turn off all access to US digital services and products that we currently pay good money for. The concern is that they might, maybe not all at once, but I'm not waiting to find out that they're testing the waters with a single provider.
So we're getting security and independence and promoting the EU tech scene! EU has better privacy laws as well. Before this the US was seen as a reliable ally.
psychoslave | a day ago
All other points are "mere" technical gaps.
[OP] willy__ | a day ago
LeonidasXIV | a day ago
[OP] willy__ | a day ago
tecleandor | a day ago
And the situation for autorenewal is terrible. At least when using their Spanish site (inwx.es) they cannot do autorenewal billed directly to your credit card or Paypal account, you have to previously add credit to your account "balance" and leave it hanging there until your next renewal.
Somebody mentioned openprovider.com and I'm taking a look because it looks interesting.
stayallive | a day ago
I must say though that this (at this stage) is mostly only possible because a few (also Dutch) reseller titans that allow me to be affordable.
The cost of entry as registrar into ICANN TLDs is pretty high
stackbutterflow | a day ago
Unless some entity pours hundreds of billions (trillions?) of euros into solving this over multiple decades there will be no way to replace google ads and sign in with google/apple. The AI part seems to be the easiest thing to solve in the list, that says something.
[OP] willy__ | a day ago
yoavm | a day ago
Seems to me like it's mainly regulation. The thing that makes people in China, or Russia, for example, not use Google - isn't that Yandex / Baidu got tons of investments. It is that people can't easily access Google. If the EU decides to pull the switch (or if the US decides to do so), we have enough competent people here to build a search engine.
usrnm | a day ago
okanat | a day ago
Moreover, in democracies companies from other countries usually get more say and have more lobbying power. Open market system gives more decision powers to global players. Whereas in China or Russia, if you are not serving the goals of the dictatorial rule, you get ousted permanently without a fear of elections.
yoavm | a day ago
Everything you wrote about the open market system is true, except it seems like that system has died over the past year. Europeans understand now that the US isn't a friend.
pjc50 | a day ago
ben_w | a day ago
wvh | a day ago
stackbutterflow | a day ago
What's even the entry point? Google and Apple make the devices that everyone uses. Even if you build a service like you suggested, how do you ensure that everyone is using it?
danelski | a day ago
As in, that they won't run away when they see them or that they will all happily use them? If you mean the latter, then it's just false. Also, why do you assume that such product would need to be used worldwide all of a sudden? Having something for the local market would be sufficient to call it a success in this instance. There's an ICC judge who could tell you a thing or two about having a whole digital life on the hook of services from one country, so reducing this dependency is a clear benefit.
stackbutterflow | a day ago
Because I'm talking about not running on any American services. Which Americans can do and do all the time. I don't see how we can reach a point where we can one day not include google/apple sign in and not lose a massive number of potential users. Sure it's possible that one day we'll see a "Sign in with EU login" but below it there'll always be sign in with google/apple, for a very long time.
danelski | a day ago
GeorgeOldfield | a day ago
palata | a day ago
I could say that you cannot run entirely on US technology, because electronics comes from China. Does that mean that we should just strive to move everything to China, so that we only depend on them?
Makes no sense to me.
deaux | a day ago
"Sign in with LINE" in Japan? Quintillions of Yen were spent.
stackbutterflow | a day ago
Also what about AI? Can't solve that with a sub billion euros of investment.
GeorgeOldfield | a day ago
Daegalus | a day ago
Hetzner was something I already used, so I just doubled down. I have a single OVH instance where I am playing with Openclaw, but that was because I was having issues with Hetzner that day on their new instance page (was fixed the next day)
I use Bunny for my CDN, I just wish they had the capability to route IPv4 and IPv6 traffic to IPv6-only origins. If your origin doesn't have IPv4, it won't route IPv4 to an IPv6 origin. Something Cloudflare could do. Still a shame it's not a high priority.
For Domains, I am still on porkbun, but I have like 20 domains, and moving them to EU registrars would be pricey. I will do it, just not looking forward to it. Also there are few registrars that handle all the TLDs I have, nothing like Porkbun. I use dot.bs to optimize my registrars and keep track of them.
I self-host a lot, but I haven't done github. I have a Forgejo instance with working CI/CD, but there are some pain points mirroring 100s of repos and updating PATs. Also I minimize how much critical infra I host. I do it as my day job. Don't want to do it so much at home, and I still do some between NAS and self-hosted services I do run.
I do plan to try out Hanko and Nebius, those sound good, and hit up Scaleway to see if there is stuff I want to use there. I know Scaleway can be pricey.
dddw | a day ago
Daegalus | a day ago
cge | a day ago
There's also the matter that, ethically, openprovider seems to be heavily focusing on domain name speculators as clients; that may be a business many people would not want to support, and their services for people actually using their domains may be poor.
jhogervorst | a day ago
Do you have more info about that? I'm a customer of them and didn't know this.
I actually noticed that quite a lot of (smaller) hosting providers are also customers of Openprovider. (When transferring some domains from other providers to my account at Openprovider, they turned out to be internal transfers.) So I'm a bit surprised about it.
jhogervorst | a day ago
Some foreign extensions are quite expensive though. I happened to be looking into that yesterday, and Netim (FR) seems to be a good option for that. For the two extensions I need, they were among the cheapest with renewals.
locknitpicker | 13 hours ago
It's not just foreign domains that are expensive. A quick check showed openprovider charges double of what other providers charge for .nl domains, and the same applies for other European TLDs, even .eu.
locknitpicker | 13 hours ago
A quick check of their pricing refutes your claim. They do list cheap domains, but it's due to promotional discounts on the first registration that they follow by charging a huge markup in renewal fees.
Case in point, I have a few domains that I have been paying namecheap peanuts to maintain, and the same domains are listed in openprovider.eu to cost between 5 and 10x as much to renew.
sixtyj | a day ago
Daegalus | a day ago
Also no pricing and a "Talk to sales" only link. Which usually means super expensive, or B2B only. I pay like 10 cents a month on Bunny something
Sammi | a day ago
b112 | a day ago
When I see "talk to sales" I just move on. I don't have time to waste on that.
throwaway772549 | a day ago
I used to work for a business in a pretty competitive area, where tactics like fake DMCA requests and abuse cases are routinely used to attempt to take down information, be it from Google, or from the CDN/hosting provider. While at first Bunny support seemed understanding of it, later they unceremoniously blocked the account on the basis of too many complaints having been filed, despite all of them being responded to in due time and being proven false.
OTOH, their support staff would respond lightning-fast, which was a breath of fresh air compared to other CDNs we used before.
I could see myself using Bunny for personal projects, or some non-vital business, but probably not for anything with lots of competition.
r_lee | a day ago
for anything DMCA heavy maybe just buying dedicated servers or something instead could work?
throwaway772549 | a day ago
It feels rather unviable nowadays to run a business without some CDN/DDoS protection service in front of your website.
r_lee | a day ago
so if you can just find a good dedicated server provider that won't cut you off, maybe that's a potential solution?
just my 2 cents though
jonathantf2 | a day ago
r_lee | 17 hours ago
Daegalus | a day ago
I also use it to hide and protect my hetzner server.
It works well. My only gripe is the ipv6 thing
chb | a day ago
Daegalus | a day ago
Other than that, maybe ads
matteocontrini | 13 hours ago
Daegalus | 4 hours ago
How reliable is dot.bs DNS hosting?
dot.bs is backed by ClouDNS. ClouDNS serves over two billion DNS queries per day, so I can confidently say your DNS is in good hands.
Do I really get free email?
Yes! In order to make this possible, there are some limitations. A maximum of 5 email accounts per domain (unlimited domains) A maximum of 5 outgoing emails per hour, per account (to prevent spammers) A maximum of 75 MB storage per account If these limits are a problem for you, please reach out and we can figure something out.
grokx | a day ago
A great thing is that it's almost fully compatible with Github actions, so migrating an existing CI/CD should not be too painful. If you plan to move, make sure to read this first: https://docs.gitea.com/usage/actions/comparison#missing-feat...
For sure, it requires a bit of maintenance, mainly for updates, but that's all.
huijzer | a day ago
rhdunn | a day ago
indigodaddy | a day ago
0123456789ABCDE | a day ago
you can see this on the footer of porkbun.com:
> Made in the USA
Daegalus | a day ago
It was fine when I lived near Bellevue, Washington. And I did live 30 years in the US but I want to divest myself from that shitshow.
indigodaddy | a day ago
Daegalus | a day ago
And for .com, .org, and .net those are owned by ICANN which is US controlled anyway.
wolfhumble | a day ago
For .com domains, if the rationale is data sovereignty, GDPR simplicity, avoiding dependence on a handful of American hyperscalers, then from an operational standpoint I don’t see much value in using European-based registrars. Ultimately, these domains remain under U.S. control regardless. If the focus is 'stubbornness' [one of the points in the article], then of course you have other priorities.
Personally I am all for data sovereignty etc, but very seldom for country boycotts.
bambax | a day ago
OT, about the finished product (hank.parts): the French translation and tone is a little rude. For one, it uses "tu" instead of "vous", which has become customary on social networks but is still a little bit aggressive on a regular website. And "bagnole" or "balance une photo" is more than casual.
Maybe the target are young people but I wouldn't bet on it. Average car ownership in Europe is 53, and 55 in France. Share of new vehicle registrations by adults aged 18-34 is below 10% in Europe.
My two cents.
[OP] willy__ | a day ago
reddalo | a day ago
It should be "Pronto a trovare il tuo ricambio?", not "Pronto a Trovare il Tuo Ricambio?".
[OP] willy__ | a day ago
Spixel_ | a day ago
I wouldn't trust this website.
It comes across as influencer speech targeted to edgy young people with a touch of "how do you do, fellow kids?".
Pretty sure a modern LLM would yield a better one.
crystal_revenge | a day ago
While I support the spirit, it's important to acknowledge the reality of the current situation with the US (and the rest of the world). It has little to do with SaaS services and everything to do with energy and defense.
Europe imports more than half its energy. The United States and Russia are both net exporters (Russia significantly so), China would be close to self-sufficient if not for their limited access to oil.
And while Trump may be ridiculous, he's not entirely wrong about Europe relying on the US for defense. Current estimates are that Europe needs to spend around one trillion dollars on defense to replace American support [0], and even then faces large challenges in getting their defense up to standards fast enough. Meanwhile the Ukraine war has allowed Russia to completely rework their economy into a military one.
While the popular narrative is that Trump is the sole cause of this souring relationship, the reality is that geopolitics have been shifting a lot in recent decades and Europe is simply not in the global position they were in 50 years ago.
Europe can rely entirely on European SaaS companies and will still face massive energy and defense dependency problems.
0. https://www.wsj.com/world/europe/europes-1-trillion-race-to-...
Misteur-Z | a day ago
* OVHCloud is good if you deploy your production in HA fashion with higher tiers or do multi-region yourself using a vRack, real issue that they made the news with burning DCs, the fact that the customer base has been originally a gazillion cheap web servers does not help big companies going in, they are going somewhere on the SaaS
On most European cloud providers I feel like IAM is crap: workload identity is almost non-existent, API keys management is usually hellish. Same goes for encryption/isolation. I want to hear more technical feedback on most of them, devil is in the details !
[OP] willy__ | a day ago
alpineman | a day ago
thorin | a day ago
Also aren't their data centres all in the Paris area? Do they have any geo-redundancy?
[OP] willy__ | a day ago
karambahh | a day ago
paffdragon | a day ago
I was looking to see why they landed on this stack, but there are no alternatives or evaluation criteria listed - given the generated article, I wonder how much of the infra was selected by an LLM.
[OP] willy__ | a day ago
paffdragon | a day ago
Regarding the use of LLM for picking infra. The issue I usually have with such tasks is that they frequently omit things - either from the list of options or the features compared. And depending on my familiarity with the topic, I might never notice, which might steer my decision making into a different direction. Basically a certain bias. Sometimes prompting it to repeat reveals more, but ultimately I end up hitting the search and doing my own research, then I might use the LLM again with now more knowledge and data. Did you run into this too? What was your process?
[OP] willy__ | a day ago
rmsaksida | a day ago
If that's the case, why do we have to suffer through an AI-generated article? Just give us the prompt.
This topic interests me but I stopped reading as soon as I noticed the slop. I'd much rather read a couple of human-written paragraphs with your personal experience.
Tiberium | a day ago
EDIT: Looks like it's an American one in the end, oh well. https://news.ycombinator.com/item?id=47085756
lm28469 | a day ago
[OP] willy__ | a day ago
TrackerFF | a day ago
And a last but: If using such auth systems, one would have to account for all the different systems unique to countries.
Maybe some larger EU-specific ID / auth system would make sense?
yoavm | a day ago
lysace | a day ago
https://github.com/eu-digital-identity-wallet
wvh | a day ago
A lot of people seem to agree that relying on a handful of too powerful American companies, especially in the ad and social media space, is a terrible idea and running foul of privacy requirements. Remains to be seen if some larger alternatives manage to pop up though. The European landscape is pretty fragmented.
throwaway063_1 | a day ago
worldsayshi | a day ago
We definitely need a vendor independent ID system.
palata | a day ago
I know this is true, but I genuinely don't understand it. I want email/password and passkey, I will always go out of my way to avoid "Sign in with ...". I just don't get why people love this.
[OP] willy__ | a day ago
palata | a day ago
[OP] willy__ | a day ago
bjourne | a day ago
vikaveri | a day ago
Nextgrid | a day ago
bjourne | a day ago
palata | a day ago
I am genuinely confused. Sounds like holding a gun from the wrong end and feeling protected by it.
bravetraveler | a day ago
danelski | a day ago
wraptile | a day ago
zelphirkalt | a day ago
If you use e-mail and password with a good password manager, that runs locally on your device and generates good random passwords, it is unlikely you will end up on haveibeenpwned, and even if one website does shit, the blast radius is only one account on one website.
bjourne | a day ago
Sharparam | a day ago
Apparently it has not been working without me noticing it?
bravetraveler | a day ago
I don't even bother with a VPN, just occasionally push a 'sync' button on the roaming devices [when they return to LAN]. DB transactions [new credentials] averages ~0 per month... but there's plenty of capacity. Works extremely well.
quadruple | a day ago
palata | a day ago
bravetraveler | a day ago
bjourne | a day ago
palata | a day ago
How do you expect to access the passwords that the password manager manages?
bjourne | a day ago
palata | a day ago
> Moreover, password managers do not work if you use multiple devices for log in
I use a password manager with multiple devices, and it works. And yes, my passwords are "protected", that's the job of the password manager.
zelphirkalt | a day ago
A classical password manager reads an encrypted database. In theory, you could upload your password database (usually just one file) anywhere, and wouldn't need to worry, assuming, that you chose a sufficiently long password for decryption, and assuming, that the encryption does not have weaknesses, which would allow an attacker to decrypt it without the password. In practice, of course you still wouldn't upload your password file to a public place, to reduce risks in the future. But anyway, the idea is, that only you know the master password for the encrypted database and so no one else can read your passwords.
flexagoon | a day ago
throwaway063_1 | a day ago
k4rli | 4 hours ago
I don't think it makes sense to even have a "primary email". I've completely separated work, shopping, banking, gaming etc mailboxes.
Also how do password managers not work? Bitwarden syncs instantly across devices just fine.
raincole | a day ago
Before inevitable "what if your password manager is hacked...," what if your google account is hacked / banned?
63stack | a day ago
(I'm saying this from the perspective of "regular people don't want to be inconvenienced like that", obviously you should use an external password manager for security)
palata | a day ago
> Before inevitable "what if your password manager is hacked
My passwords are encrypted with a security key. I think it is more likely for my computer to get compromised than for my password manager to leak the passwords.
Admittedly, if I lose all the security keys at the same time, I lose all of my passwords.
palata | a day ago
- Uses Google SSO to sign in everywhere
williamdclt | a day ago
I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?) and I know how to use a password manager, but I easily understand how 90-99% of the population doesn't care enough and goes the low-friction route.
yuppiepuppie | a day ago
I work on auth for a European startup and this is the case.
palata | a day ago
What surprises me is that if they cannot do it, they will just leave. The post says it is a "conversion killer".
bdcravens | a day ago
Mawr | a day ago
At its most simplified, this can be thought of as a simple function of time — the more time something requires, the higher chance something else happens during that time, invalidating the original task.
The best sign-in flow is none at all — that's what e.g. Discord does. They let you use the app immediately, with an automatically created provisional account. Amazing user experience.
This applies universally — convenience is everything.
advisedwang | a day ago
Most of the "sign-in with google" accounts I have seen treat it as a shortcut to creating and logging in with an account with the primary email address of the Google account. So you can hit "reset password" and get a conventional password log-in to an account you previously made with the Google auth. If you get locked out of google, it's NBD.
Of course, this is probably not universally the case.
piperswe | a day ago
advisedwang | a day ago
amluto | 23 hours ago
palata | 12 hours ago
I like passkeys, but ideally it should always be an option to make a password, too.
amluto | 6 hours ago
aa-jv | a day ago
rithdmc | a day ago
Macha | a day ago
rithdmc | a day ago
Thanks for your insight. Outside of being a consumer, and as a security engineer one who appreciates things like passwordless, my experience comes from my employer's passwordless rollout. The sentiment is broadly positive, but we would veer to a technical user base, and sentiment misses the nuance you brought up.
lII1lIlI11ll | a day ago
How is this low friction to manually copy/paste a code from email as opposed to allow a password manager to log me in automatically?! This kind of authentication is the stupid current trend I hate the most TBH.
rithdmc | a day ago
lII1lIlI11ll | a day ago
rithdmc | a day ago
palata | a day ago
Why specifically in-browser?
vel0city | a day ago
So sure, they might technically have a password manager installed, in that every major browser has a password manager included. But do they actually use it? That's what really matters.
rithdmc | a day ago
palata | a day ago
hnarn | a day ago
I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.
Just observe anyone in your social circle that does not "care" about technology and you'll see their reaction to a login prompt when trying, not rarely under time pressure, to access a service they haven't used for a while.
They will sigh, maybe roll their eyes. And who can blame them? The same goes for registering to a new service. Normal people don't use password managers, they don't have Bitwarden with auto-fill, nor do they ever "generate" passwords.
"Sign in with..." offers them a way out of a frustrating experience, it's the device telling them "Hey, would you just like to use this thing you're already logged into instead?" -- yes, obviously they would like that.
palata | a day ago
Well, I wouldn't say I don't understand it. If someone uses their smartphone as a hammer, regularly breaks it and regularly buys a new smartphone, I understand what they are doing. I just don't understand why they are doing it, I guess?
In this case, the post says that it's a conversion killer. So people are so damn lazy that if they can't click on "share the information with Google", they will just leave.
jlokier | a day ago
palata | a day ago
I'm talking about the fact that people choose to not use the service if there is no SSO.
vel0city | a day ago
snayan | a day ago
Even absent the above. Imagine a signup flow. I can either click <Sign Up With Google> or I can go through a manual flow with input fields. The former is much faster than the latter. It surprises you people choose the path of least resistance?
palata | a day ago
What surprises me is that it is a "conversion killer". So if you ask people to create an account, it's sooooo very hard for them that they will just leave. And spend the next 30 minutes scrolling TikTok, I guess?
bdcravens | a day ago
zbentley | a day ago
Before we added SSO, huge numbers of users would enter but never complete the signup flow. We assumed they were making the (baffling) choice to take time to go to an office and wait in line over filling out a web form. A year later, we added Google and Facebook login. Failures to finish signup dropped to almost zero (a lot of folks were still bailing out of the manual create-account form without finishing, but they were then falling back to Google/Facebook).
More surprising, that year the net number of signups (across web and brick and mortar) more than tripled.
People weren't choosing in-person over filling out the create-account form. They were choosing to pay a fine instead of filling out the create-account form.
So ... I don't know about "less valuable than TikTok", but a lot of folks' decisionmaking sure is wild.
palata | a day ago
snayan | a day ago
touristtam | a day ago
palata | a day ago
cetra3 | a day ago
palata | a day ago
Each password is a PGP-encrypted file, encrypted to security keys. The files are backed up in different places, including my laptop and my phone. The password manager app runs offline, so it has no reason to suddenly fail, but even if it did, my passwords are just encrypted with PGP, so I will never be "locked out".
I find it very unlikely that it would get compromised: again it's encrypted to security keys. If my device is compromised, the attacker can extract the passwords that I decrypt while the attacker has control, but not the whole database.
To lose my passwords, I would need to simultaneously lose all the copies (on my devices, and on the cloud). To lose access to my passwords, I would need to simultaneously lose all security keys.
Doesn't feel like a single point of failure. Or do I misunderstand what you mean by that?
apexalpha | a day ago
palata | a day ago
apexalpha | a day ago
In fact a decent % of people stops shopping on your site if there's a few ms lag.
At every step a few percent of revenue is lost that your competitor takes in.
throwaway063_1 | a day ago
While it's still true, I have read that the accepted lag today is higher than 10-15 years ago, because they have lower expectations due to a general decline in page load speed. (React pages with spinners/placeholders, newsletter popups, higher page weights etc.)
bdcravens | a day ago
So no, I may not leave, but each tiny bit of friction increases the possibility of abandonment. From the perspective of conversion, abandonment is the same as "just leaving".
s_dev | a day ago
For a single personal user it's only a small bit of friction but if you're in charge of 30 people SSO is a godsend for boring compliance work and managing groups of people. You want to change a domain in the company not a big deal. Don't have to rotate passwords every quarter, need to restrict an employee from a service etc. You aren't imagining other challenges other than your own here.
palata | a day ago
The post says that if you don't have the SSO, it's a conversion killer. I.e. users just won't log in if they cannot do it with an SSO.
Of course companies use SSO because it gives them more control over the employees' accounts. I understand why companies do it.
jlokier | a day ago
Why wouldn't you choose the simplicity of "sign in with Google" if your work email is on Google Workspace, using the entire Google suite of business tools for everything (gmail, chat, meet, docs, drive, auth, etc) and everything you do at work is known to Google anyway?
Making an email/password account with your work Gmail is just extra steps, one more password to store, and perhaps the inconvenience of one more 2FA thing. Google gets the same information either way.
Similarly why wouldn't you choose the "sign in Microsoft" if your work is all in on the Microsoft suite of business tools (teams, office, onedrive, auth, etc.) and everything you do at work is known to Microsoft anyway?
oytis | a day ago
For the same reason why companies implement SSO for employees? It's just easier to have one account with one password to rule them all.
palata | a day ago
And that is also why companies don't allow employees to use anything other than the SSO.
oytis | a day ago
From the point of view of technical people it would be easier to achieve the same with password managers, but for the rest of us Google provides a smoother user experience.
rebyn | a day ago
zbentley | a day ago
1. Ease/laziness as others have mentioned. Even for a service that answers a real need, many users will bail out of the signup flow and just ... leave that need unsatisfied when they see a web form.
2. Underreported: google/apple sign-in buttons make it feel like you already have an account. The fact that the "grant access" new-signup request is a second screen and that "sign up" and "sign in" (with Google/Apple/Github/Facebook/etc.) are the same buttons to enter the funnel is huge. It's not that users are confused/forgetting whether they already have accounts (though some are); rather, it's psychological momentum created by the ambiguous language.
3. Trust and consistency. Nontechnical users just trust the recognizable brand buttons more. They don't necessarily know why/know how auth works, but they know that a lot of data breaches happen and are scared. The fact that the embed button almost always looks the same/familiar is massive. I suspect that it would also be a conversion killer if the "sign in with apple/google" buttons were styled to look totally different and not contain logos.
4. A lot of semi-technical folks don't like remembering passwords (and password managers--even good device-integrated ones--aren't as reliable at autofilling as a lot of casual users would like). Others know that it's a bad idea to reuse passwords. As a result, people use the button that doesn't require them to pick a password they'd have to remember.
5. Impression of privacy. Some (especially older) nontechnical users have a significant aversion to typing in their personal info (name/address/CC number) into online forms, so they pick the option that doesn't require that.
6. Technical people who prefer SSO because it gives (on the SSO provider side) a list of every integrated account; better permissions control (for services that integrate with e.g. Google for more than just login); a marginal chance of a little less data being stored on a service's servers versus the regular make-an-account option; somewhat fewer opportunities for a service to screw up auth by building it themselves wrong. This demographic is small compared to less technical users.
That's all presented without comment. Some of those points are based on exploitative provider behavior, or user ignorance. I'm just explaining the decisionmaking factors, not defending them.
Add all those up, and you definitely get a conversion killer.
raffkede | a day ago
[OP] willy__ | a day ago
raffkede | a day ago
PennRobotics | a day ago
raffkede | a day ago
data-ottawa | a day ago
The issue eventually worked itself out without paying for services I didn’t need and now I have a functioning account, but it was frustrating for sure.
baalimago | a day ago
Aldipower | a day ago
baalimago | a day ago
[0]: https://www.euronews.com/business/2026/02/19/made-in-europe-...
dizhn | a day ago
[OP] willy__ | a day ago
dizhn | a day ago
Aldipower | a day ago
Hosting and storage: Hetzner and Netcup
Domain: ClouDNS with Failover
Transactional email: Lettermint
CDN: Bunny
zelphirkalt | a day ago
Also their web interface doesn't allow you to delete your domain, even if you have not paid yet. So anyone could come and make some account and register a domain, but then not pay and they wouldn't remove it from their systems. The feel of their website is very antiquated and due to not being able to delete your domains, feels buggy.
Aldipower | a day ago
solarkraft | 12 hours ago
Bummer they failed so hard at your deletion request.
nickdothutton | a day ago
[OP] willy__ | a day ago
yread | a day ago
znnajdla | a day ago
Just buy a few Mac Studios and run them in-house with power supply backup and networking redundancy and you're good to go to serve more than 10k - 100k requests/second which is good enough to serve a million customers. You don't need VMs: a single Mac Studio gets you 2–4x the power of m7i.2xlarge on AWS, and pays for itself within a few months of AWS bills. You can do local AI inference and get Claude Opus-level performance (Kimi K2.5) over a cluster of Mac Studios with Exo.Labs (an unofficial Apple partner). You get free S3-compatible object storage with zero ongoing storage costs with MinIO (yes it's redundant even if you lose a server, and your hosting provider can't hold your data hostage by charging for egress). Postgres runs like a beast and is incredibly easy to set up - you get zero latency DB because it runs on the same machine, has access to lots of RAM and you're not paying per-GB or per-core. Managed databases are a scam. You don't need an Auth provider, just do passkeys yourself. And the great thing about Apple Silicon hardware is that it is amazingly quiet, reliable, and efficient - you can do things like run headless browsers 3x faster and cheaper than on standard server hardware because of the unified memory and GPU acceleration, so you're not paying for CI/CD compute by-the-minute or headless browsers either.
This entire stack could give you computing power equivalent to a 25k euro/month AWS bill for the cost of electricity (same electricity cost as running a few fridges 24/7) plus about 50k euros one-time to set it up (about 4 Mac Studios). And yes, it's redundant, scalable, and even faster (in terms of per-request latency) than standard AWS/GCP cloud bloat. Not only is it cheaper and you own everything, but your app will work faster because all services are local (DB, Redis cache, SSD, etc.) without any VM overhead, shared cores, or noisy neighbours.
zonkd1234 | a day ago
znnajdla | a day ago
With this setup if 1 or 2 Mac Studios fail (or need to be restarted for updates) everything just keeps running smoothly with no customer impact. It also helps that the app itself is on the Elixir BEAM (Phoenix) so everything "just works" across all machines.
zonkd1234 | a day ago
ffsm8 | a day ago
You should probably reconsider going with it in 2026 unless you're fine with their new (non-opensource) offering. It still has a "free" license, so it might still be an option depending on your priorities.
But there are alternatives around, some being arguably much easier to run/maintain for small deployments like this.
magicalhippo | a day ago
[1]: https://news.ycombinator.com/item?id=47000041
piltdownman | a day ago
While I definitely concur with your conclusions re VMs and GCP hosting overhead, did you benchmark a container based setup in GKE or similar?
znnajdla | a day ago
aa-jv | a day ago
>.. serve more than 10k - 100k requests/second which is good enough to serve a million customers.
What is your network connectivity like for this setup? Presumably you operate in a building capable of giving you fiber, with a fixed IP, or something like that?
swiftcoder | a day ago
That is not really a rarity these days. I have symmetrical gigabit fibre with a fixed IP here in a Spanish farmhouse 45 minutes from the nearest population centre
zelphirkalt | a day ago
swiftcoder | a day ago
hvb2 | a day ago
swiftcoder | a day ago
But they offer the exact same specs to business customers in the nearby town. I appreciate Spain is well ahead of most other countries on connectivity, but I can't picture gigabit + static IP being a dealbreaker in most of Western Europe
znnajdla | a day ago
fauigerzigerk | a day ago
Only if you have physical offices and staff in every jurisdiction you're serving.
znnajdla | a day ago
fauigerzigerk | a day ago
Yes, but not where my customers live. The whole point of "sovereignty" is to serve customers from a location that is bound by the laws of _their_ jurisdiction, not mine.
msh | a day ago
fauigerzigerk | a day ago
It matters who can physically take control of the servers. It matters where the encryption keys are stored. The storage and processing location also matters for compliance with data residency laws.
But it's not the only thing I mentioned. Having physical offices and staff in a jurisdiction usually goes along with setting up some sort of legal and taxable entity that has personally responsible directors.
The whole issue is very complicated.
dd_xplore | a day ago
You'll need business internet plans with redundancy and based on locations that might be prohibitively expensive. Some startups might even require their own AS numbers.
Also the connectivity to the data centers or cloud infra like WAF, CDNs etc will be definitely worse compared to cloud instances. Then comes firewalls, their configuration and their redundancy.
These things will matter if you're serious about your SaaS. You could definitely co-locate, but that's another cost, then comes the redundancy of everything, from servers, to disks to network (routers and switches etc).
I personally believe that modern hardware is pretty reliable and doesn't need redundancy in every layer, but most people won't agree with that, and when startups have enough money, this doesn't matter to them.
I think the only reason the common public is unable to start SaaS is handling and managing these problems. Redundancy costs a lot. And many startups don't want to deal with it even if it'll help them in long run. They just gather enough cash and throw at the overlords.
I do hope that the general infra should improve so that can properly host their own.
Nevertheless I'm still trying to start something in SaaS space and self host from my home...
HenriTEL | a day ago
apexalpha | a day ago
tecleandor | a day ago
apexalpha | a day ago
MinIO took away the source, not the self hosting.
tecleandor | 21 hours ago
tecleandor | 6 hours ago
amluto | 23 hours ago
swiftcoder | a day ago
znnajdla | a day ago
petcat | a day ago
I fail to see the point of this when the system you've decided to run "yourself" is entirely owned and dependent on another American company.
znnajdla | a day ago
fsflover | a day ago
https://news.ycombinator.com/item?id=46252114
mort96 | a day ago
znnajdla | a day ago
adamas | a day ago
iririririr | a day ago
carlosjobim | a day ago
vanviegen | a day ago
spwa4 | a day ago
The difference between EU and US is that it's possible to make all components in the US, using US equipment, and so some companies do because it commands a pretty decent premium. It's not even that hard since most components (e.g. reference motherboard designs) are still designed and actually built in the US. China still really mostly does what you might politely call "commercializes US tech". And let's not discuss too deeply if they correctly pay licensing for all the components they make, because nobody enjoys that discussion.
And yep, as you might expect, only Intel chips, no Nvidia cards ... and that's not the end of the limitations. The previous version had no USB-C monitor support, never mind one USB-C cable to multiple monitors, but last year intel really pushed a bit harder. But even this year, I'd hope you're not going to be trying to use these machines for gaming.
The EU can't even make a modern motherboard's USB port chip.
Oh and yes, there are cracks in the US version too. The phones used, for example, are iPhones. Radio designed in South Korea ...
znnajdla | a day ago
False. ASML is in the EU.
petcat | a day ago
yladiz | a day ago
petcat | a day ago
spwa4 | a day ago
hvb2 | a day ago
Right, ASML is so replaceable that the US forces the Dutch government to put export controls on some of their machines.
There's no substitute in the world for the top tier machines ASML makes.
petcat | a day ago
That's because the critical EUV light source technology is developed in California by a US-based subsidiary of ASML. The US and EU have mutual interest in protecting the technology and machines. If export control agreements were not in place then ASML would have never been permitted to acquire Cymer. And if they are not enforced then the US would almost certainly require ASML to sell Cymer back to US ownership, TikTok-style.
jrmg | a day ago
I’m having trouble searching for this - but all the top results seem to be SEO or AI slop, so perhaps I’m just not finding them.
vanviegen | a day ago
And while many (but certainly not all) of the other components could be made in the US, it's expensive and capacity is limited. So even the likes of HP and Dell have most of it done in Asia. Even Intel chips generally pass through Asia for assembly and testing, and their modern CPU tiles are likely to include TSMC-fabricated components.
All this is to say: the US is not tech independent (unless ancient tech counts). No single country is.
Though if you're just trying to say that the EU is significantly more tech-dependent than the US then I agree of course.
spwa4 | a day ago
petcat | a day ago
pbronez | a day ago
znnajdla | a day ago
ekidd | a day ago
I, too, once believed this. Then I had the displeasure of watching a $10,000 server fail during Christmas travel (about 20 years ago now). A single RAID drive failed. Then, during the rebuild, a second drive failed. Then the RAID controller itself failed catastrophically, losing all the RAID volume metadata. When we restored from backup, we discovered that the sysadmin who had just quit a few weeks before had lied to us about the backup system, and we had no backups.
This is the sort of black swan event that happens every 5-10 years. It's an unusually bad event, even by black swan standards, but stuff like this happens.
The fundamental problem of self-hosted databases is that you test the happy path every day, but you only test true disaster recovery every 5-10 years. And in practice, this means that disaster recovery will usually fail.
With a managed database service, most of what you're paying goes to making sure that disaster recovery works. And in my experience, it does. I've seen RDS database servers fail catastrophically, and completely rebuild in under 15 minutes with virtually no data loss, with almost no human intervention at all.
If you care about your customers' data, I think that a reputable managed database is the right move until roughly the point that you can pay for a full time database administrator. At that point, sure, roll your own. But do regular disaster recovery tests, lest you discover that a recently departed DBA has been lying to you.
znnajdla | a day ago
I test my backup recovery several times a month by actually baking into our CI/CD workflow under certain conditions. The entire production database gets restored from backup every week.
throwaway063_1 | a day ago
You could use a managed db service as a live replica dedicated as a backup only. The queries would go to your local database on beefy hardware, while the replica would just have to be powerful enough to keep up with the WAL stream.
yobbo | 14 hours ago
If bandwidth allows, you could even have local mirror in your office.
jrmg | a day ago
znnajdla | a day ago
amunozo | a day ago
potamic | a day ago
Does it do distributed inference? What kinda token speeds do you get?
honzabe | a day ago
[OP] willy__ | a day ago
mkzet | a day ago
[OP] willy__ | a day ago
BoorishBears | a day ago
At least, where "serious" is defined as making enough money that paying AWS $200 a month for $20 a month worth of compute is worth it in exchange for an actual SLA*, paid support, and knowing that even if you drop off the face of the Earth, the account will probably run unfunded months before your users even notice.
I've been bitten by using "quirky" tier-3 providers for savings on projects that really should have just eaten the cost of a bigger provider.
(* Yes an SLA is not a magic uptime guarantee, but it creates an expectation which is a lot better than nothing.)
Aldipower | a day ago
deaux | a day ago
If you said Play Store, then sure, though at least distribution on there is free. But you said Google Ads, which you really do not need to acquire users. Returns on Google Ads were already low, and have only continued getting worse and worse. I'm sure someone here claims to be a magician at it and believes they can get a fantastic RoI out of it, and I'm sure some can. But the huge majority doesn't. It's very much like day trading stocks.
There's a huge number of other, better avenues for paid marketing if you want to do it.
[OP] willy__ | a day ago
deaux | a day ago
> You can add email/password and passkeys, but removing social logins entirely is a conversion killer. Every one of those auth flows hits American servers. The silver lining: Hanko, a German identity provider, handles the auth layer itself, so at least your user management and session handling stay in Europe, even if the OAuth flow touches Google or Apple.
You can at least put "Sign in with Spotify" first before Apple/Google - they have social login. I've even seen apps that have nothing to do with music offer it as an option.
[OP] willy__ | a day ago
imp0cat | a day ago
deaux | a day ago
Delivery Hero is really big and EU but too fragmented. Maybe Wise should add social login, I think Paypal has it.
zelphirkalt | a day ago
plufz | a day ago
deaux | a day ago
Of course if you're the next YC B2B SaaS raising big series then sure go burn your VC cash on Google Ads, but that's clearly not what OP is doing, or really most of us.
apublicfrog | a day ago
None of my businesses use a "sign in with..." option and I highly doubt it would increase conversions, however the article and many commenters here are adamant (based on their experience) that it is integral.
I'm not sure it's day trading per se, I think it's just a lot more relevant to some industries/products than others.
deaux | a day ago
bob1029 | a day ago
ale42 | a day ago
bob1029 | a day ago
drcongo | a day ago
pu_pe | a day ago
Does anybody know whether there are any European alternatives for Github that allow you to host private/commercial repositories without using self-hosting?
anilakar | a day ago
Their direct internet connections rarely go down, but links between servers in their internal network suffer from intermittent failures. If you make your service reliable enough to be able to run on a single node, you could have built a monolith in the first place.
aa-jv | a day ago
A bit of anecdote from me, as a decades-long Hetzner user: I have personally felt no real impact whatsoever with their internal network suffering from intermittent failures. The downtime incurred by Hetzner admin I've experienced is measured in minutes, in my case over a 10 year period as a customer...
Aldipower | a day ago
kkfx | a day ago
What the author describes is just a supplier switch still owning next to nothing.
bdcravens | a day ago
kkfx | a day ago
The average Joe understands the concept of owning versus renting a physical good, whether it's a car or a fork, but in the digital realm, they think "if I see it on my screen, it's mine", they just can't grasp it. If we don't start teaching this, we won't be able to have a society built for digital sovereignty and technical rationality.
We'll keep having "communication services" that only talk to themselves, like WA, Slack, Discord, etc instead of those where everyone can talk to everyone else, from email to XMPP. Most people won't realise how absurd it is that WA only talks to WA, whereas even a basic telephone can call from any phone company to any other. Making people understand this is the foundation, which is currently missing even for many techies who get it because they have the knowledge, but only with a somewhat vague understanding, without really caring how to do things differently.
AJRF | a day ago
Their menu has:
- Console
- konsoleH
- Robot
- DNS
When I click into Console I get an additional option called "Website"
I have no idea what Robot and konsoleH are.
Is it a prerequisite if you make a cloud platform to make your offering as confusing as possible?
Aldipower | a day ago
[OP] willy__ | a day ago
yread | a day ago
vanschelven | a day ago
But to answer your question it's the top one from the menu and then you get a page that couldn't be more clear (IMHO as a customer)
piokoch | a day ago
mgol94 | a day ago
Symbiote | a day ago
We can see from this discussion that a small number of Americans moved to European services.
croes | a day ago
And then they cry when they lose access to everything because their Google/Apple account got blocked for some obscure violation of ToS.
samrus | a day ago
- EU domain registrars might have some bullshit under the hood making the same TLDs more expensive. Might need to investigate
- EU needs its own mobile app ecosystem, easy auth, and genAI offerings
  - but interested to see why Mistral wasn't feasible
- other things need to be scaled up to have the community and maturity to function well. This comes with time and adoption
I'd love if this took off. If more and more people did this
zelphirkalt | a day ago
(I am using their official Python client library.)
dwedge | a day ago
apexalpha | a day ago
We looked at StackIT at my company and they were twice as expensive... Which was a bit surprising to me.
I currently rent a full, dedicated AMD Ryzen 5 64GB RAM server for €35 a month. It's amazing how much you can actually run on a dedicated machine.
thecopy | a day ago
For one thing running on bare-metal @ Hetzner is insane value for money versus GCP GKE. I'm a third of the running costs and get ~50x resources.
The only aspect I'm struggling with is full-disk encryption. Although customer data is still encrypted with envelope encryption in the database, I want to migrate to fully encrypted disks (LUKS + TPM) sooner rather than later. If anyone has any resources and/or experience with this, please let me know :)
* Gatana AI MCP gateway: https://www.gatana.ai/
dwedge | a day ago
yread | a day ago
I've found this - how to do it without ever entrusting any encryption key to Hetzner
https://www.tqdev.com/2023-luks-encrypted-debian-12-server-h...
But it seems like way too much work
There is this easy tutorial (that for some reason disappeared)
https://web.archive.org/web/20260128114859/https://community...
and this on how to get an email when you need to unlock it via SSH
https://dominik.wombacher.cc/posts/email_notification_to_unl...
sreekanth850 | a day ago
anovikov | a day ago
lbourdages | a day ago
Now how bulletproof it is in practice will be tested in years to come, I'm sure. But it seems to be using the same model as AWS in China where a local company licenses and operates the software from AWS.
bdcravens | a day ago
dominicrose | a day ago
s_dev | a day ago
Zero chance the data stays in the EU. Just think about it for a moment. US CLOUD Act directly conflicts with the EU's GDPR. Amazon doesn't want to risk losing EU markets but it can't lose the US market by not complying with US law.
If these two conflict Amazon will side with the US. The savvy business move is to pretend to serve the EU market exclusively while privately adhering to the US demands.
wtf77 | a day ago
vanschelven | a day ago
Just as a FYI: if self-hosting ever turns out to be too much work, it's also available Hosted.
bilinguliar | a day ago
fofoz | a day ago
andsoitis | a day ago
fofoz | a day ago
RupertSalt | a day ago
hansvm | a day ago
flomo | a day ago
ectospheno | a day ago
auslegung | a day ago
plagiarist | a day ago
I just hope this is economically damaging enough that they will quit doing campaign finance for a party consisting entirely of despotic grifters.
setgree | a day ago
> Let’s say every company gets about three innovation tokens. You can spend these however you want, but the supply is fixed for a long while... If you choose to write your website in NodeJS, you just spent one of your innovation tokens. If you choose to use MongoDB, you just spent one of your innovation tokens. If you choose to use service discovery tech that’s existed for a year or less, you just spent one of your innovation tokens. If you choose to write your own database, oh god, you’re in trouble.
From my POV, the author spent their innovation tokens on a political commitment. I would not recommend this path to someone starting a company. It's hard enough already.
Also, many American companies that might have been useful to the author were founded by Europeans, e.g. GitLab. There's plenty of European talent for making widely adopted infrastructure. If those companies aren't in Europe, it's worth asking why [1].
[0] https://mcfunley.com/choose-boring-technology
[1] https://worksinprogress.co/issue/why-europe-doesnt-have-a-te...
vanschelven | a day ago
It's only "a political commitment" as long as it doesn't affect you yet; and from the European perspective I'd say "the affecting has begun".
setgree | a day ago
> The parts that were extra hard
> Transactional email with competitive pricing. This one surprised me. Sendgrid, Postmark, Mailgun, they all make it trivially easy and reasonably cheap. The EU options exist, but finding one that matches on deliverability, pricing, and developer experience took real effort. Scaleway's TEM works, but the ecosystem is thinner. Fewer templates, fewer integrations, less community knowledge to lean on when something goes wrong.
The choose boring technology essay notes that as you get further along you might get more innovation tokens to spend. But when you're starting out, "not choosing sendgrid because they're American" is a token gone when they're most scarce.
vanschelven | a day ago
s_dev | a day ago
To assist others:
https://european-alternatives.eu/
yanhangyhy | a day ago
From a geopolitical perspective, such attempts don't hold much significance. The EU's future doesn't lie here either. It lies more in media control, profiting from balancing between the US, China, and Russia, and even continuing to extract raw materials from former colonies through low prices or unfair contracts. This may not be glorious, but it's what's been happening all along. A vast consumer market, the influence of values, comprehensive soft power, cultural control and integration of large numbers of immigrants, and so on. "Made in EU" will never succeed.
jimmydoe | a day ago
Mobile apps, can you try those alt stores?
rmuratov | a day ago
gethly | a day ago
tucnak | a day ago
Good news is you can get PCIe 5.0 servers, I/O gear, and host it yourself for a mere fraction of semi-capable AWS bill.
Bad news it doesn't matter if you don't get enough uplink bandwidth, no control over the routing table in the core routing infrastructure leading up to your WAN, or actual routers capable of hardware-filtering 100 gigabits worth of line rate per link. And you will need all these things if you want to at least try and match what Cloudflare/Cloudfront is doing from routing standpoint. (It will be much harder though to match them from the CDN standpoint...) DDoS protection is overrated, but it's not for reasons people commonly think.
Hrun0 | a day ago
> The pricing is almost absurdly good compared to AWS, and the performance is solid. If you've never spun up a Hetzner box, you're overpaying for cloud compute.
Yep!
drcongo | a day ago
kbanman | a day ago
stayallive | a day ago
I’m not perfect yet and tiny parts use Fly/Cloudflare (Anycast / Turnstile) and Stripe for payments but the core runs on own hardware in a Dutch datacenter provided by Dutch companies.
jurschreuder | a day ago
I recommend switching to European cloud if only to not have to think twice about getting 3x redundant servers with 32gb ram. Trivial for anything you'd buy yourself but it costs 20 cars on AWS.
anonnon | 20 hours ago
I flagged his submission for being AI.